18bce039f2a4cb6c7ee23823b8781b9e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18bce039f2a4cb6c7ee23823b8781b9e_JaffaCakes118
Size

21KB
MD5

18bce039f2a4cb6c7ee23823b8781b9e
SHA1

8d4d5c9d6ba7ff98cb2c15578e891af632177f99
SHA256

c642dc2b629dac677ec7c03e1881e1f065ea3d6deb243e497f6ddf5cff28dc7f
SHA512

4c3009a59b32e534d375a7e37d768dcb7529ee0fdb40b0d07f0291c77ea67fc1ef8bb82164c342bd9f7dfd9b397c1613a3ff20ba8966da8325b4aa44785ded7e
SSDEEP

96:Nsa9BzfTwOnu4bP3+ppNVFMfyt+mSqmwX0rhYHy+K1vBMk:NLzfTwOnu4bP3+pzVFMf9mtm00rhIQp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18bce039f2a4cb6c7ee23823b8781b9e_JaffaCakes118

Files

18bce039f2a4cb6c7ee23823b8781b9e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c265127e1d721c16da2039160f589c2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
CloseHandle
SetEvent
lstrcpyA
ResetEvent
OpenEventA
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
GlobalLock
GlobalAlloc
GetProcAddress
GetModuleHandleA
lstrlenA
TerminateProcess
WaitForSingleObject
GetVersionExA
SetLastError
GetLastError
lstrcmpiA
GetModuleFileNameA

user32

SetWindowsHookExA
wsprintfA
CallNextHookEx

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

Exports

Exports

Config
Intercept
Setup

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ