Static task
static1
Behavioral task
behavioral1
Sample
4448f95df6b0f63aaf9f60831df18ee1_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4448f95df6b0f63aaf9f60831df18ee1_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target
4448f95df6b0f63aaf9f60831df18ee1_JaffaCakes118
Size
304KB
MD5
4448f95df6b0f63aaf9f60831df18ee1
SHA1
88c18ee940950fcbea753c8b86f857aba46d255e
SHA256
624df133b699027d6337d1515621649b167ac9ba1ee5d3ccaf8d335f6c64e795
SHA512
ab981d794b2da733c17ceb88a74fcb6405a7a372a437ca13d294cb6925e47a82d4b09d5ba637e57f1e47778904c68ff4a0d1d6e02818fa192efd9dde38af2b32
SSDEEP
6144:mRVLxlwHyjg8jQ3XT9U19yBf0/JGkZh7fvcKd13M2M1BX+Idk:2lwS088T2PyBSJGi7sKd1c2M1UL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4448f95df6b0f63aaf9f60831df18ee1_JaffaCakes118
Files
4448f95df6b0f63aaf9f60831df18ee1_JaffaCakes118.dll windows:4 windows x86 arch:x86
e4e7bd25ffd493cb761a644950243c9b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryA
GetProcAddress
Module32First
Heap32First
VirtualProtect
WriteFile
GetEnvironmentVariableW
VirtualFree
VirtualAlloc
Sleep
Heap32Next
user32
SendMessageA
GetMessagePos
PostMessageA
wininet
InternetConnectA
FtpGetCurrentDirectoryA
InternetCloseHandle
ole32
CoInitialize
OleInitialize
CoUninitialize
advapi32
RegQueryValueA
RegQueryValueExA
RegEnumValueA
Sections
zJTuTjYF Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GBnjmhwi Size: 1024B - Virtual size: 986B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
YFjLyISo Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OkEiAXWY Size: 265KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE