Static task: static1
Behavioral task: behavioral1
Sample: 27ef8c0cee3eb729fc1a7d73fac89bc0_JaffaCakes118.dll
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 27ef8c0cee3eb729fc1a7d73fac89bc0_JaffaCakes118.dll
Resource: win10v2004-20240704-en
General
Target: 27ef8c0cee3eb729fc1a7d73fac89bc0_JaffaCakes118
Size: 28KB
MD5: 27ef8c0cee3eb729fc1a7d73fac89bc0
SHA1: fb62068abaf1d9d443e650d0e49145df84ac3c75
SHA256: e162d5243480892bf2c343918a63516ce85de6e3ed7304853a036c21495f7dab
SHA512: 38f9d249fb96fbf5b98a6b3b7b51a6992a5caf00c4423918e761a8950e41222a7c2f628597e949c6595d42bba8d7926952851ecdbb7f438007626d85cde94636
SSDEEP: 192:zPBhA4N7zO2VtOwB7w9WajugFUf1mYwgDzwbD+qW1wAro9cIT:zXRO8OONzRfhZfwXfW11Sc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27ef8c0cee3eb729fc1a7d73fac89bc0_JaffaCakes118
Files
27ef8c0cee3eb729fc1a7d73fac89bc0_JaffaCakes118.dll windows:4 windows x86 arch:x86
a1b58cab9ebec3d4bae2216209046390
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
user32
    GetWindowTextA
    GetWindowThreadProcessId
    EnumWindows
ws2_32
    closesocket
    ntohs
msvcrt
    strcmp
    strncpy
    atoi
    _initterm
    malloc
    _adjust_fdiv
    _itoa
    strstr
    memcpy
    sprintf
    ??3@YAXPAX@Z
    ??2@YAPAXI@Z
    time
    memset
    _strlwr
    _stricmp
    free
kernel32
    lstrlenA
    CopyFileA
    GetProcAddress
    Sleep
    GetModuleHandleA
    CreateThread
    GetModuleFileNameA
    GetTempPathA
    IsBadReadPtr
    lstrcpyA
    OutputDebugStringA
    ReadProcessMemory
    lstrcatA
    GetCurrentProcessId
    GetCurrentProcess
    VirtualProtectEx
    WriteProcessMemory
    LoadLibraryA
Sections
.text Size: 12KB - Virtual size: 10KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 920B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ