fac9c75b9de3497dba1305a53a7a3c10_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fac9c75b9de3497dba1305a53a7a3c10_JaffaCakes118
Size

24KB
MD5

fac9c75b9de3497dba1305a53a7a3c10
SHA1

0bcb52dc52266ec2cd2d25d7aad0c9138c64a319
SHA256

6c5d265e09f42520d5074b690070381c7a35fec3ececb89b0a4f77c88bb9a85c
SHA512

53f262e6dfa9156aecc770f8f6471ef2f887531daa3a531a66514be0feb07f1531db1c037f1964a15e7681bb789265e765cd9f988f876d671c119e64ea449dd2
SSDEEP

192:2QyL1VU58XZqDuBBQ6PRQkbZBSaeugqgbv2+E923R:2XiyZwuBBQARQkbSae7vlE923R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fac9c75b9de3497dba1305a53a7a3c10_JaffaCakes118

Files

fac9c75b9de3497dba1305a53a7a3c10_JaffaCakes118
.dll windows:4 windows x86 arch:x86

70a73c6e0aaeeb949966645d6aaf095e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
ExitProcess
Sleep
VirtualProtect
lstrcatA
GetCurrentDirectoryA
CloseHandle
CreateThread
GetModuleFileNameA

user32

SetWindowsHookExA
SetTimer
wsprintfA
CallNextHookEx
UnhookWindowsHookEx

ws2_32

gethostname

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

msvcrt

_adjust_fdiv
malloc
_initterm
free
strstr
memcpy
strcmp
strrchr
strlen
memset
strcpy
exit
memcmp
strcat

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ