17c1f79365c9e070dd823764b39b3f25_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17c1f79365c9e070dd823764b39b3f25_JaffaCakes118
Size

124KB
MD5

17c1f79365c9e070dd823764b39b3f25
SHA1

8fdfb80e95fe5b4db6e8acbd079f2ef43dedee2f
SHA256

b5f90f4c8522927562074d762008581fc049222a46328daa32ba4b117451dfb9
SHA512

80d51afacea47dc66663a0ec82891bedcef17e6cbbd5502e263038855eaffb1c4d3777158887ea5d9dda6aa5305656480a7c74402aeac7c1873e748eb23a048f
SSDEEP

1536:4zKhufbJiK/obsvE9uBJ/hRhf/jFJNcn2yNaZggkHxqNOoscMppfIXgFyN+k4jT1:AbQCvE945f/jFJNcn1eULnfIL8jTvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c1f79365c9e070dd823764b39b3f25_JaffaCakes118

Files

17c1f79365c9e070dd823764b39b3f25_JaffaCakes118
.dll windows:4 windows x86 arch:x86

63e27635ed108ade635f63a0e2fd86cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
LeaveCriticalSection
GetLastError
EnterCriticalSection
TerminateProcess
GetExitCodeProcess
CloseHandle
WriteFile
CopyFileA
GetProcAddress
GetModuleHandleA
CreateThread
GetTickCount
InitializeCriticalSection
CreateMutexA
Sleep
WinExec
GetVersionExA

ws2_32

WSAGetLastError
ntohs

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcrt

_ui64toa
_adjust_fdiv
malloc
time
sscanf
atoi
rand
__CxxFrameHandler
_CxxThrowException
_purecall
??2@YAPAXI@Z
sprintf
srand
wcstombs
strncmp
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm

Exports

Exports

ServiceMain

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ