f2d5dc82ad36e11d501a874fba8569ee_JaffaCakes118 | Triage

Sharing

General

Target

f2d5dc82ad36e11d501a874fba8569ee_JaffaCakes118
Size

7KB
MD5

f2d5dc82ad36e11d501a874fba8569ee
SHA1

8cec6ff68873a80ef8a6f072342f6eca5effca9f
SHA256

b82a2dbb8bc6359c6594b29a899ec3a23f3c9a5c605c91a5cb28747b75f60c20
SHA512

4c3858b84cc4ede3f88d322e80f72795d731ff2c9e7230a2aab32513584efb5a6d1d5a8ab0928edc77a0c64aa35bd272852842a0ee5cd1255e4e51a69d5404df
SSDEEP

96:jOWtBb9DzeUkE5Go6ccayCbFlsKuiQ7nP2NfR3qaf9ioOJuWp:jOWtp9DwEc8pHL1uiYnKfj8ocu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2d5dc82ad36e11d501a874fba8569ee_JaffaCakes118

Files

f2d5dc82ad36e11d501a874fba8569ee_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2af88515b2b939b4b29c9edec5dd3d44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
CreateThread
VirtualProtectEx
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
Sleep
GetCommandLineA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc

user32

ToAscii
SetWindowsHookExA
CallNextHookEx
GetAsyncKeyState
GetKeyboardState
UnhookWindowsHookEx

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

msvcrt

_adjust_fdiv
malloc
_initterm
free
strstr
_stricmp
strncpy
??2@YAPAXI@Z
sprintf
strlen
memcpy
strrchr
strcpy
strcmp
strcat

Exports

Exports

fa
fc

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ