fab8c3379cbb107d479c77e587c0855e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fab8c3379cbb107d479c77e587c0855e_JaffaCakes118
Size

6KB
MD5

fab8c3379cbb107d479c77e587c0855e
SHA1

112392ea7e9c6479da94fef7cdef4e22c20bf897
SHA256

f1bd97593ce743d7cbb4b0d7ddac6f1dcbc36d86074ba152b8a081c39e4e6bfc
SHA512

9d4cf39a457a199772ec48b6a86c1fe162040c2c0d7675092ac7f4bcab5634835deb3e51fef095f1c5bfd653fcc53433fad2f309d2eca450cf136e89ac124439
SSDEEP

96:+glM96CLGTzCXb/bAipZElQNlGWvOcfLGTVRRlVd3LwTjJq:+4C0zab/cMG2Tf07bVVLmjo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fab8c3379cbb107d479c77e587c0855e_JaffaCakes118

Files

fab8c3379cbb107d479c77e587c0855e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

94a6b8da948d48b4302d668851cead51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
DisableThreadLibraryCalls
lstrcatA
Sleep
GetProcessHeap
CreateThread
lstrcmpA
lstrcpyA
lstrlenA
HeapFree

user32

SendMessageA
GetClassNameA
EnumChildWindows
GetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
IsWindow
CallNextHookEx
RegisterWindowMessageA
GetWindowThreadProcessId

advapi32

GetUserNameA

ws2_32

WSACleanup
closesocket
send
recv
connect
socket
htons
gethostbyname
WSAStartup

Exports

Exports

Init

Sections

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ