3889e655c3dabcfc7fead6d4860c283d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3889e655c3dabcfc7fead6d4860c283d_JaffaCakes118
Size

24KB
MD5

3889e655c3dabcfc7fead6d4860c283d
SHA1

bdb8686b6beb8ccc22801f38facd3974323a6ac4
SHA256

969f5602251dbbf31df0f07cb07d36c1f3d06cea340e569d3e0db76f52254eb6
SHA512

dbac61fe10dc50b8d3893f0c602388d9a4c54c7e036b6fd33ff776984c73e9bc3ab850d6d2b3c7da3f059af9e4fc6fbdb8ad0f8252b81fe871d6ccb1ea10476c
SSDEEP

192:C6mKuVy7bCA+xVul3/CHo5MbvmR4UV6vhOZn9zHJpC8ZHBTb59npUfj:wKn6w/KoaDUV6Q1lZBTN9np8j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3889e655c3dabcfc7fead6d4860c283d_JaffaCakes118

Files

3889e655c3dabcfc7fead6d4860c283d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

87d2030f0f2f418e46a0b8824c69c7c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
WaitForSingleObject
GetCurrentProcess
LoadLibraryA
OpenEventW
DeleteCriticalSection
Sleep
CreateThread
InitializeCriticalSection
DisableThreadLibraryCalls
GetProcAddress
VirtualAlloc
VirtualProtect
CloseHandle
VirtualFree
GetACP
WideCharToMultiByte

advapi32

RegSetValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegDeleteValueA

psapi

GetModuleFileNameExW

ws2_32

recv
closesocket
gethostbyname
connect
inet_addr
ntohl
send
htons
htonl
WSASocketW
WSACleanup
WSAStartup
inet_ntoa

wininet

InternetOpenUrlA
InternetOpenW
InternetReadFile
InternetCloseHandle

msvcrt

??2@YAPAXI@Z
_adjust_fdiv
_initterm
__CxxFrameHandler
realloc
strrchr
strncpy
atoi
memmove
_except_handler3
_wfopen
wcslen
malloc
??3@YAXPAX@Z
_stat
fread
fclose
free

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ