20ebd2a9e3294fbd62add8bb5e568756_JaffaCakes118 | Triage

Sharing

General

Target

20ebd2a9e3294fbd62add8bb5e568756_JaffaCakes118
Size

18KB
MD5

20ebd2a9e3294fbd62add8bb5e568756
SHA1

12ffbf934a884c0858c9b0d3c7a03f14e6638d4e
SHA256

a4c362d623147c75dcd2b9b5ba0463576e5a0a271e0d14f1dfd561df1fe5f3f6
SHA512

2a65854e22cf6b507750f0dcd8385df59a3c8e5f0fdad9181a776904df1a8b54abdf28d761eff2d73d82951a3cff2786f6947ef9b2b4f3a8f6768b14bcb61aca
SSDEEP

192:JBv5P1RdqOs0U87+SZA5U2tqdAiDtFlNlJuXJMCIJO8DVGEeDzq6Ld:lLdZs0U8gULACDlNlJYKO3EoG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ebd2a9e3294fbd62add8bb5e568756_JaffaCakes118

Files

20ebd2a9e3294fbd62add8bb5e568756_JaffaCakes118
.dll windows:4 windows x86 arch:x86

197622884788c4bedddcce3ee546b083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
GetModuleHandleA
DeleteFileA
CreateFileA
WriteFile
OpenEventA
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
VirtualFreeEx
VirtualProtectEx
WideCharToMultiByte
ReadProcessMemory
GlobalFree
GlobalLock
GlobalAlloc
GetCurrentProcess
CreateEventA
SetThreadPriority
CreateThread
GetPrivateProfileStringA
CreateRemoteThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
VirtualFree
TerminateProcess
VirtualAlloc

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
wsprintfA
GetInputState
PostThreadMessageA
GetMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ