f50bdc2036200c51082ac1e44dc3ad87_JaffaCakes118 | Triage

Sharing

General

Target

f50bdc2036200c51082ac1e44dc3ad87_JaffaCakes118
Size

15KB
MD5

f50bdc2036200c51082ac1e44dc3ad87
SHA1

5a9638bd142f565c2e586d212b7e7df49b9dab11
SHA256

1d7ef27be28b55005dc2a4ff2c2b24625c0103e0f0cd5fe797e1ad957d30d1b0
SHA512

5190f4ff21a1047570b384561daeb774a4df8f2a6133e4e36ed0c290af467bd208cec2be0fefc0cc1273d8ceccd912249c5ed36b28673c4dc5e52bdbc54896be
SSDEEP

192:ZFLG63My+IK5gCobQdRJk7OQSOvcQKuBBQ6PRQkDeIifIiOW:Xi6cyF6Jk7OQ+uBBQARQkyIifIe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f50bdc2036200c51082ac1e44dc3ad87_JaffaCakes118

Files

f50bdc2036200c51082ac1e44dc3ad87_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d82b00929e7652bbff15ff6c5b23edb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

LoadLibraryA
WaitForSingleObject
TerminateThread
Sleep
ExitProcess
lstrcmpA
OutputDebugStringA
IsBadReadPtr
CreateThread
lstrcpynA
lstrcpyA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrlenA
ReadFile
VirtualProtectEx
lstrcatA
lstrcmpiA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ