4411313a3b8ce94925d93036d9e95b09_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4411313a3b8ce94925d93036d9e95b09_JaffaCakes118
Size

20KB
MD5

4411313a3b8ce94925d93036d9e95b09
SHA1

de53d288e9b2922eab0968fab9b44bc90239e9da
SHA256

6931c7d04c9d2456bb6091af248de00fe963dee0f3ccf05b0447443a78dd469a
SHA512

2f56fd7d5e3a5c2b1f6f5bdc8115d4b1c72e00f12ef1376293f204c3bc47578e35c88dd7715c99dcdd5b3fa22b56e092e95a2946c14d2d9e899767c6081f3462
SSDEEP

384:EtFrGgTpeR+De86sZqimlTbzg/m87RP7QaxorHUEh1T/vqqx:EtFrGgTpeR+De86PlTbzg/B7Hx8HUCTT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4411313a3b8ce94925d93036d9e95b09_JaffaCakes118

Files

4411313a3b8ce94925d93036d9e95b09_JaffaCakes118
.dll windows:4 windows x86 arch:x86

71142562ab0da34e23fbd2cffa5bd933

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
VirtualQuery
OutputDebugStringA
GetProcAddress
LoadLibraryA
Sleep
ExitThread
CreateThread
CreateProcessA
WriteProcessMemory
GetModuleHandleA
ReadProcessMemory
GetSystemDirectoryA

user32

DispatchMessageA
GetMessageA
TranslateMessage
SetWindowsHookExA
CallNextHookEx

ws2_32

gethostbyname
WSAStartup
socket
htons
inet_addr
connect
send
closesocket
recv
WSACleanup

wininet

HttpSendRequestW
HttpSendRequestA

msvcrt

_except_handler3
sprintf
_stricmp

Exports

Exports

FURONGJIEJIE

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ