fa0a0f0305cfaaecde3e81a04b99c1b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa0a0f0305cfaaecde3e81a04b99c1b1_JaffaCakes118
Size

14KB
MD5

fa0a0f0305cfaaecde3e81a04b99c1b1
SHA1

34e173f0e68142c1cec6a17bf128742d787f6550
SHA256

30ccbd13039487b816bb802051e17cb47ce0077655c2d30cb8dab1ec9d81f99c
SHA512

ce2ac8deb378bec4d976ce0f542db4ea002846d270750c96405900929b875aa41d59cd0030720c86ee228ecc403e10b776e4d0df0e37468ecce450fca18a4242
SSDEEP

192:x1Gy3bWNPOw5tRjygcXM5P+OGZ2EuBBQ6PRQkhPe/zkEmBzQ:nGyyNPXnnQO42EuBBQARQkde/zTmBzQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa0a0f0305cfaaecde3e81a04b99c1b1_JaffaCakes118

Files

fa0a0f0305cfaaecde3e81a04b99c1b1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

84fe051fc88b00e5f590787a7e2984ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

ReadFile
Sleep
GetSystemDirectoryA
GetPrivateProfileStringA
GetLocalTime
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ExitProcess
VirtualProtectEx
lstrcatA
lstrlenA
CreateThread
SystemTimeToFileTime

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ