4249dd6e304f7a9f73b7fbfa399eb541_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4249dd6e304f7a9f73b7fbfa399eb541_JaffaCakes118
Size

26KB
MD5

4249dd6e304f7a9f73b7fbfa399eb541
SHA1

1e6c739ca0e8fbae43ed410594ec5339c71a6249
SHA256

5db9903aacfa79c7a7f4d221b5b62961594a4cd9448d9eff3e48818d21d2f6cc
SHA512

d37fe39f76ba75ce88910055eadc57d810d30733a3a266a6197ac272e37c025e722e7de3a94d0f5c9872514e325af1b2f65cfef9f8d913d96fbcc0d402e6cd5f
SSDEEP

384:K+0g4Q/BUfQowbDVO11/OuFtPaiQrfl9A6HZsjosIZvj2IOitclJpj:K+mo1VO11/O+gP5sPIZviPitoJpj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4249dd6e304f7a9f73b7fbfa399eb541_JaffaCakes118

Files

4249dd6e304f7a9f73b7fbfa399eb541_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c4846861b250978ebde9ce3daebd496

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
Sleep
lstrcpyA
lstrcmpA
ExitProcess
lstrcmpiA
lstrlenA
GetTickCount
lstrcpynA
GetModuleHandleA
VirtualAlloc
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
ReadFile
CreateFileA
CreateThread
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
RtlUnwind

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
FindWindowA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA

Exports

Exports

DivxDecode
Hookoff
Hookon
InitializeDivxDecoder
SetOutputFormat
UnInitializeDivxDecoder
ftsWordBreak

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ