JaffaCakes118_596136904d793492789bbb7868d235bd | Triage

Sharing

General

Target

JaffaCakes118_596136904d793492789bbb7868d235bd
Size

46KB
MD5

596136904d793492789bbb7868d235bd
SHA1

f1d83180801b181fc11b67d374cf6a60c7f51512
SHA256

7dde1d6fdcb309eed2ed548752a9e0c28e5c6d895e7febed28c5613fa7e0ba85
SHA512

8dc3c73206086502657221f245b825a0845ce5d28721aa0f966ef335d8276c1046b8fa64a39235ebc3137ee7ba7f40c1cb3f0920011836e4d4bce4136a03e66f
SSDEEP

768:MInKkJI9YSRbv1lHEiovqhC0soO+5ksH8T+AEbeAgedCIOfD/nrz5lx2BEn1b7N9:tKkJMvRbv1miXMcj8LAgdVfD/rtGEtNK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_596136904d793492789bbb7868d235bd

Files

JaffaCakes118_596136904d793492789bbb7868d235bd
.dll windows:4 windows x86 arch:x86

7cc4e1ab59e0003d184045366463ac2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CallNextHookEx

gdi32

BitBlt

advapi32

IsValidSid

shell32

SHGetFileInfoA

wininet

InternetCloseHandle

shlwapi

SHDeleteKeyA

msvcrt

atoi

winmm

waveInOpen

ws2_32

WSAStartup

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

imm32

ImmReleaseContext

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame

psapi

GetModuleFileNameExA

wtsapi32

WTSFreeMemory

Exports

Exports

ServiceMain
ServicemixX
cervicemixX
svchostdkx

Sections

.text
Size: 39KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE