Static task: static1

Behavioral task: behavioral1
Sample: 306939c64708b9177ac7464314663e4d_JaffaCakes118.dll
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 306939c64708b9177ac7464314663e4d_JaffaCakes118.dll
Resource: win10v2004-20240704-en
General
Target: 306939c64708b9177ac7464314663e4d_JaffaCakes118
Size: 6KB
MD5: 306939c64708b9177ac7464314663e4d
SHA1: 92ca97c4bf9250730daca4d00d37b2c9d949f852
SHA256: 5a73e1cf8c1f377cde8e05760a5ca55e626c8f993076d00f18b54bf8f5026934
SHA512: 0464f8c3a9ee1992aa6ed97cd6fda09bb390f12f181c751fcb895d0bb18e71c00a8c80b01113869adca3af717e602bb7aa636680cebde1dd54c6e22e4da384f9
SSDEEP: 96:ZRTKPjOz8dLWrQcL4ZwlK4msjZNwjZ0ozdgiaMps6uIAiC:3KPjM4Zwgo+lFs6+p
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 306939c64708b9177ac7464314663e4d_JaffaCakes118
Files
306939c64708b9177ac7464314663e4d_JaffaCakes118.dll windows:4 windows x86 arch:x86
a0fb1c59ebc5d54610f8c0bf908ae9b3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteProcessMemory
Sleep
CloseHandle
CreateThread
GetLastError
CreateMutexA
ReadProcessMemory
GetProcAddress
GetModuleHandleA
ws2_32
WSASend
getpeername
inet_ntoa
ntohs
send
recv
user32
SetWindowsHookExA
CallNextHookEx
msvcrt
_adjust_fdiv
_initterm
free
fopen
fputs
fclose
_strdup
strcat
strncpy
malloc
strlen
strstr
strchr
strcpy
strcmp
Sections
.bss Size: - Virtual size: 39KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 514B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ