0d8d89b8bb01e4314e83fed647c02ba5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d8d89b8bb01e4314e83fed647c02ba5_JaffaCakes118
Size

22KB
MD5

0d8d89b8bb01e4314e83fed647c02ba5
SHA1

91a2cf6333df65899c4fdf04fe6a7ca194279666
SHA256

dbd63f5133a8d89809fb43b912f83c1aea50c12c8a1fff33209160cf239bedc9
SHA512

e671cbe7abaa28d77bd94035cc9f958d9da48fe15a88192dbabe3fe71689c9517aeb4fd543e47d3d79e19784e003297728c26deadfa798ca7cd87868e5883459
SSDEEP

192:70LPEwTsDf2WIz9AWLDWR7bBo+nJJAm19UQvIjnKbug4mYJXQKSE/CcZx0WNU/nf:o/s2V3WR7nkm1+3mYVqcZx0Y4oIi2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d8d89b8bb01e4314e83fed647c02ba5_JaffaCakes118

Files

0d8d89b8bb01e4314e83fed647c02ba5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

71f133e5854db79ca42a23ecbb727eab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send
gethostbyname
htons
socket
connect
WSAStartup
WSACleanup
closesocket
recv

kernel32

GetSystemTime
OpenEventA
SetEvent
VirtualQuery
DeleteFileA
GetTempFileNameA
GetTempPathA
WinExec
lstrlenA
GetModuleFileNameA
lstrcatA
CloseHandle
WriteFile
CreateFileA
CreateProcessA
GlobalFree
lstrcpyA
GlobalAlloc
GetLastError
FileTimeToSystemTime
FindClose
FindFirstFileA
RtlUnwind
GetSystemDirectoryA
GetComputerNameA
GetLocaleInfoA
Sleep
GetTickCount
CreateMutexA
GetWindowsDirectoryA
lstrcmpiA
lstrcpynA
lstrcmpA
ExitProcess
CreateThread

user32

CallNextHookEx
SetWindowsHookExA
SendMessageA
CharLowerA
wsprintfA

advapi32

RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

Activate

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ