279f00a164b9dd7cb4317a01dea38386_JaffaCakes118 | Triage

Sharing

General

Target

279f00a164b9dd7cb4317a01dea38386_JaffaCakes118
Size

18KB
MD5

279f00a164b9dd7cb4317a01dea38386
SHA1

508671f45d070faa8e69c4d3b8ee7913dfdaf874
SHA256

dee49c72c7b9968b86e670845834280f122b0a35843510233b3206f3877017cc
SHA512

7051ee3ce3d2b5a84510fbd20067834df3fc9946e4e06380142500c3cfe8ae04f3bf3660851197f59001f1e0b40f2c5a6631a4d84e42d6d54443f6e88fcd6d98
SSDEEP

384:O4C+lZawPNU+4iKEoR/jHVeeLfgPqc+urDZRQcNtA:u+LaYW+4nE4/zV7kCBuffG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
279f00a164b9dd7cb4317a01dea38386_JaffaCakes118

Files

279f00a164b9dd7cb4317a01dea38386_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fdbe7069771a595914f234ad85e7135c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
CreateProcessA
WriteFile
GetTempPathA
GetLocalTime
GetSystemDirectoryA
SetThreadPriority
CreateThread
GetModuleFileNameA
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
DeleteFileA
Sleep
CreateFileA
GetLastError
TerminateThread
CloseHandle

wininet

InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

advapi32

ControlService
OpenServiceA
DeleteService
OpenSCManagerA
CloseServiceHandle

msvcrt

strrchr
memset
strlen
memcpy
_except_handler3
sprintf
strcat
strcpy

Exports

Exports

DriverProc
modMessage
modmCallback

Sections

TYe9fJe
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsta
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gsta
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ