eda0f5ba7ae28c0542e95fcbfcd766f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eda0f5ba7ae28c0542e95fcbfcd766f0_JaffaCakes118
Size

11KB
MD5

eda0f5ba7ae28c0542e95fcbfcd766f0
SHA1

3490d3f2dda9fdb5ae3df078fed7107e5a320a25
SHA256

167f99b028c0988f6f519df9ac87b88cd00b511c8f8fa091c85ea9ec4291246a
SHA512

3596a0863f2c36ab1ac7c06bfef8613899ccaef0b26da9fcaff4d64f754f1ef81186d9ad6bdeeadcb7702a8a0c36251a93f71ad37775a9935497022640198929
SSDEEP

192:YXlEyXyLZwTH8EASdWOhxARZaQdBb0OxQuBVWv7TZV/5jmM:YVCKTH8eWOT4j0OZe7TZLn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eda0f5ba7ae28c0542e95fcbfcd766f0_JaffaCakes118

Files

eda0f5ba7ae28c0542e95fcbfcd766f0_JaffaCakes118
.dll .js windows:4 windows x86 arch:x86 polyglot

db078fefdcf31195790056f1f75dbc21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

kernel32

EnterCriticalSection
WriteFile
GetCurrentProcess
SetUnhandledExceptionFilter
ExitProcess
ReadFile
GetTempFileNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
lstrlenA
lstrcpynA
GetTickCount
DeleteFileA
Sleep
CreateThread
lstrcatA
lstrcpyA
GetWindowsDirectoryA
WaitForSingleObject
CreateProcessA
OutputDebugStringA
DeleteCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
CreateFileA

user32

CloseDesktop
MessageBoxA
wsprintfA
CreateDesktopA
SetThreadDesktop
EnumWindows
ShowWindow
GetWindowThreadProcessId
IsWindowVisible
FindWindowExA
EnumChildWindows
FindWindowA
GetDlgItem
PostMessageA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ