34756bd3747a94655dc0e477ba59a16e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34756bd3747a94655dc0e477ba59a16e_JaffaCakes118
Size

27KB
MD5

34756bd3747a94655dc0e477ba59a16e
SHA1

c7816897a4ce8bb97ca753f6d1a1980827015ae2
SHA256

a341588a3ff1bc88cafd916a097a4ebded05e495500eb9b4a56f38c19f452146
SHA512

831b4b6a59474ae3b7a97c0c0e74c0611c6680acec3d51a8683210a07ae7635160c23ee7b69e163eee21ec5f4e3c8b6d9d100984148e21f7deb25e75675d567b
SSDEEP

384:YMVzCA4fePvuGWON1ZD+FtPaiQrfryejKLGGdqpfj2IO7tcssnnc:YWz0SRrDOAy+KBEpfiP7tJKnc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34756bd3747a94655dc0e477ba59a16e_JaffaCakes118

Files

34756bd3747a94655dc0e477ba59a16e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c4846861b250978ebde9ce3daebd496

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
Sleep
lstrcpyA
lstrcmpA
ExitProcess
lstrcmpiA
lstrlenA
GetTickCount
lstrcpynA
GetModuleHandleA
VirtualAlloc
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
ReadFile
CreateFileA
CreateThread
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
RtlUnwind

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
FindWindowA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA

Exports

Exports

DivxDecode
Hookoff
Hookon
InitializeDivxDecoder
SetOutputFormat
UnInitializeDivxDecoder
ftsWordBreak

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ