Static task: static1
Behavioral task: behavioral1
  Sample: 37ecece1602a862c74edda566b9a9e45_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 37ecece1602a862c74edda566b9a9e45_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
Target: 37ecece1602a862c74edda566b9a9e45_JaffaCakes118
Size: 11KB
MD5: 37ecece1602a862c74edda566b9a9e45
SHA1: 0e4dbfbb66e558371acf31e2c2d81baf96fec011
SHA256: ca18d9af5ff8732cad9e6f8cb19170ce072e45045eabb1c2aff72da339061e18
SHA512: 000aff33398f375b4a9c1c058808d73d62a47414684ff0bdfabcecb7f729fb22d34336b3de35621837538601f37dcd358ea7ad9f6d1ffa83d0e4631ed5d5ccf7
SSDEEP: 192:qdNk/2H93OgL6OZh6BuvLixHyBBSBdllLo9wmcY:qdR93PWjySdlNo9wm
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 37ecece1602a862c74edda566b9a9e45_JaffaCakes118
Files
37ecece1602a862c74edda566b9a9e45_JaffaCakes118.dll windows:4 windows x86 arch:x86
8a52d0be978d72f403a1d471e0dfce0c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
ReadProcessMemory
GlobalFree
GlobalLock
GlobalAlloc
GetCurrentProcess
GetModuleFileNameA
CloseHandle
Sleep
VirtualProtectEx
CreateThread
IsBadReadPtr
GetStringTypeW
RtlUnwind
GetStringTypeA
MultiByteToWideChar
WriteProcessMemory
GetPrivateProfileStringA
user32
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA
FindWindowA
GetWindowTextA
CallNextHookEx
advapi32
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
wininet
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sdata Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ