302345a196e5ed4bbf7e4521224a9e43_JaffaCakes118

General

Target

302345a196e5ed4bbf7e4521224a9e43_JaffaCakes118
Size

17KB
MD5

302345a196e5ed4bbf7e4521224a9e43
SHA1

1debfcbbc10a664a76801a0f40ae6b68c5311a05
SHA256

0e3b15f11664dcf2ed3b23ee5c09d2e26a401e1029db12f96b49f1b0a96c2200
SHA512

9b0fbfca134cd3f2f4808080024905cbff3850160cc3936993bd0e820501e4a4e6ff9c2ae7f4f78eebcc2a3ec606dc050b6e98af670e6ba73c7a01062ad7dea1
SSDEEP

192:fxPGkfAps4J7QZHlgUTp1RDyYEecs+uBBQ6PRQkAlPn8H7lawvmD:5+kopR4Tp15Cecs+uBBQARQkAlPn8H0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
302345a196e5ed4bbf7e4521224a9e43_JaffaCakes118

Files

302345a196e5ed4bbf7e4521224a9e43_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b4ada395c8b04feaf893e69e4410b979

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory
RtlUnwind

ws2_32

closesocket
gethostname

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

VirtualAlloc
GetSystemDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
CreateThread
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
WaitForSingleObject
TerminateThread
Sleep
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
lstrcatA
VirtualFree
VirtualProtectEx
IsBadReadPtr

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SB0
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4ada395c8b04feaf893e69e4410b979

Headers

File Characteristics

Imports

ntdll

ws2_32

wininet

kernel32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.bss Size: - Virtual size: 4B

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 2KB

.SB0 Size: 1024B - Virtual size: 526B

.reloc Size: 512B - Virtual size: 484B

.text
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 4B

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 2KB

.SB0
Size: 1024B - Virtual size: 526B

.reloc
Size: 512B - Virtual size: 484B