f75a43f80c276d042572edca2422a15d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f75a43f80c276d042572edca2422a15d_JaffaCakes118
Size

26KB
MD5

f75a43f80c276d042572edca2422a15d
SHA1

87cd0a1455f32082d40299cd2cd75dbafa77b020
SHA256

c14f8944137b1aff86df0937c03349e6ee643057bb3964ec8ca38db7ea076cd0
SHA512

e0956b6d1b01998fff0e897aa7faefad2d8c30ccc3bd27e616afbbbb6bd4792de1a274ba01137ee62cc3ff4e2bbb6ca171e1b977931c6a07b8a95e6308621ed3
SSDEEP

768:eGgLa1hOl98J3Mw/WxQ4iCNkEW74cOA8Xq:MLaDOwlM4WdiCNkEWIRq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f75a43f80c276d042572edca2422a15d_JaffaCakes118

Files

f75a43f80c276d042572edca2422a15d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c9c17d59896eaab84a93048a98b09a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
lstrcpyA
GlobalAlloc
GetProcAddress
LoadLibraryA
VirtualProtect
lstrlenA
VirtualFree
VirtualAlloc
ResumeThread
CreateThread
CloseHandle
ReadFile
GetFileSize
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetModuleFileNameA
DeleteFileA
ExpandEnvironmentStringsA
_lclose
_lopen
GetPrivateProfileStringA
GetPrivateProfileIntA
_lcreat
GetTempPathA
IsBadReadPtr
GetVersion
WriteFile
SetFilePointer
GlobalFree
Sleep
CreateFileA
GetModuleHandleA

user32

ShowWindow
FindWindowExA
FindWindowA
SendMessageA
SetForegroundWindow
wsprintfA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

msvcrt

memcpy
fopen
fscanf
fprintf
fclose
memset
strstr
strlen

Exports

Exports

WinlogonLogoffEvent
WinlogonSystemEvent

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ