17e7ab0c82dbd7befb21575ad96559ea_JaffaCakes118

General

Target

17e7ab0c82dbd7befb21575ad96559ea_JaffaCakes118
Size

19KB
MD5

17e7ab0c82dbd7befb21575ad96559ea
SHA1

eb8b34ef0b0153f12cf42cf31d54dd3429dfa4ab
SHA256

dda48d9266d5bcdcc3e05d2f14d87615e065007c0cf23f293ede87a557ea7653
SHA512

bb1f482f28e09bfd2ecc851773861fe5185ca41f50ffb7e63f6734f4480e24143a6c5c98e8e5b291f652cac45965b06911f8b077f1ec2e85735b590f5ffbfe2a
SSDEEP

384:RALk1sxlAqFRvmO0OwuBBQARQkhtJaHN/K:RJO6+RvmO0OnBBQARQk4HN/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17e7ab0c82dbd7befb21575ad96559ea_JaffaCakes118

Files

17e7ab0c82dbd7befb21575ad96559ea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

70e26ead080aa3a705323873ee4a80f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory
RtlUnwind

ws2_32

closesocket
gethostname

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

VirtualFree
IsBadReadPtr
GetTempPathA
GetTempFileNameA
GetStartupInfoA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WriteFile
WaitForSingleObject
TerminateThread
Sleep
SizeofResource
LockResource
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualAlloc
FindResourceA
VirtualProtectEx
lstrcatA
lstrlenA
CreateProcessA
CreateThread
DeleteFileA
LoadResource

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70e26ead080aa3a705323873ee4a80f1

Headers

File Characteristics

Imports

ntdll

ws2_32

wininet

kernel32

user32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.bss Size: - Virtual size: 4B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 572B

.text
Size: 12KB - Virtual size: 11KB

.bss
Size: - Virtual size: 4B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 572B