353538b3c26a97ceb95e601e61be25eb_JaffaCakes118 | Triage

Sharing

General

Target

353538b3c26a97ceb95e601e61be25eb_JaffaCakes118
Size

28KB
MD5

353538b3c26a97ceb95e601e61be25eb
SHA1

06d904310d27177b1d8d0d80c9a1ec8c691e0ea3
SHA256

9ce283535360c9a654459765339dcb7932ce99a6690ffe1711dc09db76f16ec8
SHA512

19a87d638eebac77b03613d02c4ce0ec878f184805852f81cd0c43d40cfe059a1be219a76b228b904c0dc79ab38677ddcfd2c9b7b8e4b7ca29bc4f39357a39c6
SSDEEP

192:miLtPeA4N7ztTrDqPFobbkWihplDueKGSNwvDsUS+nBjpQ57ro9ci6VAi+:mueRtTqPapsKJ2IUSGBjpqSciNi+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
353538b3c26a97ceb95e601e61be25eb_JaffaCakes118

Files

353538b3c26a97ceb95e601e61be25eb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a1b58cab9ebec3d4bae2216209046390

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextA
GetWindowThreadProcessId
EnumWindows

ws2_32

closesocket
ntohs

msvcrt

strcmp
strncpy
atoi
_initterm
malloc
_adjust_fdiv
_itoa
strstr
memcpy
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
time
memset
_strlwr
_stricmp
free

kernel32

lstrlenA
CopyFileA
GetProcAddress
Sleep
GetModuleHandleA
CreateThread
GetModuleFileNameA
GetTempPathA
IsBadReadPtr
lstrcpyA
OutputDebugStringA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
LoadLibraryA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ