28c0858912345f7b8182ba87d3e87da7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28c0858912345f7b8182ba87d3e87da7_JaffaCakes118
Size

8KB
MD5

28c0858912345f7b8182ba87d3e87da7
SHA1

c9da045450ad61b6825f8cb1716d666b54d0a70a
SHA256

9d4a26dd75ec59918890bef31546ba2fdabbae9d9e47b0a2fe947e03ae945bf4
SHA512

242226928838acbe53d8793de84d7d0bdbdb4cd1a7e31b99541ca3f0054f0090959eef4663098d2c64666a283e3d99e776680b073d9f20a40382f445cb14179e
SSDEEP

96:3bzfHbvjMWyDJd0USaq4u7Ka6zqb538GRtNxDF61NeAYxCbM+ZUi4QLNNY:rzfH4DJd0UZqR4mN3zRCKinNY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28c0858912345f7b8182ba87d3e87da7_JaffaCakes118

Files

28c0858912345f7b8182ba87d3e87da7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f75f391ba018fef66a96c75d58d1d125

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
htons
socket
WSAStartup
closesocket
recv
ioctlsocket
connect
WSAGetLastError
__WSAFDIsSet
select
send
WSACleanup

kernel32

lstrlenA
Sleep
CreateThread
GetComputerNameA
WriteFile
lstrcpyA
SetFilePointer
lstrcmpA
GetSystemTime
CloseHandle
GetFileSize
GetSystemDirectoryA
CreateFileA
lstrcatA
GetWindowsDirectoryA
ReadFile

user32

GetKeyNameTextA
SetWindowsHookExA
CharUpperBuffA
GetMessageA
SetKeyboardState
PeekMessageA
wsprintfA
ToAscii
GetKeyboardState
UnhookWindowsHookEx
DispatchMessageA
GetWindowTextA
GetActiveWindow
CallNextHookEx

advapi32

RegCreateKeyA
RegQueryValueExA
RegCloseKey

msvcrt

strstr

Exports

Exports

aaa
bbb

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 342B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ