42a3a5338c1171a5e70705dea2229dde_JaffaCakes118 | Triage

Sharing

General

Target

42a3a5338c1171a5e70705dea2229dde_JaffaCakes118
Size

18KB
MD5

42a3a5338c1171a5e70705dea2229dde
SHA1

faf05f04c46d5bd566db1ebcb720b2c6964dc3c2
SHA256

b71aa40be66930727fbfee204fd220071810d0dba0ba511b78a2bf22c6787181
SHA512

f16629895939b2ae9ead3100ed77e6c05d0b9629da38a78cb7921e2508d0ec5dd039282beb355d416aff46e619bb4904e0a0a5e9ede920e0f457279222a8a357
SSDEEP

384:t4qY9rc/HlqUOEY7Y57DHus69CkvEyWnr99RD8KOdrejemKIi:ttzlYcOYnRohdrejemg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42a3a5338c1171a5e70705dea2229dde_JaffaCakes118

Files

42a3a5338c1171a5e70705dea2229dde_JaffaCakes118
.dll windows:4 windows x86 arch:x86

13b9ab422efeb4b61d46b03d31174d2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
ExitProcess
lstrcpyA
lstrcmpA
Sleep
lstrlenA
lstrcmpiA
GetTickCount
lstrcpynA
WideCharToMultiByte
GetSystemTime
GetPrivateProfileStringA
CloseHandle
ReadFile
CreateFileA
CreateThread
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
OutputDebugStringA
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
RtlUnwind

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
FindWindowA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA

Exports

Exports

Hookoff
Hookon

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ