27d37f535b36c8eea738227da75c4c5c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27d37f535b36c8eea738227da75c4c5c_JaffaCakes118
Size

7KB
MD5

27d37f535b36c8eea738227da75c4c5c
SHA1

4d57ccbee16ac29c16cceb74e8f8901bf861a812
SHA256

c10e170edb6c485fb0c5a3fe7a32505a345e5bf45bd4c703d8f57ccd7783bf9f
SHA512

360c46e9d1acc83e68312ddc6560e9efbe111ad5c7f264f63eb9b0acb623cda88228f4e7d3e19108101e6e3882e44fbfc55a59fff0c327b4113c711ecbfcf8bc
SSDEEP

96:jcfR/dsR4c85d6MRlDCHglaMWfi4/8xUbkN1umqaf3Px5O:jed44HdZXyfi47o1uafO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27d37f535b36c8eea738227da75c4c5c_JaffaCakes118

Files

27d37f535b36c8eea738227da75c4c5c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0b9b27bfe24ab4f602cff9acb9401223

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
VirtualProtectEx
GetModuleFileNameA
GetCurrentProcess
IsBadReadPtr
GetProcAddress
GetModuleHandleA
Sleep
GetCommandLineA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc

user32

GetKeyboardState
UnhookWindowsHookEx
CallNextHookEx
ToAscii
SetWindowsHookExA

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

msvcrt

_adjust_fdiv
malloc
_initterm
free
_stricmp
strlen
strstr
strncpy
memcpy
strrchr
strcpy
strcmp
strcat
sprintf
??2@YAPAXI@Z

Exports

Exports

fa
fc

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ