44ea91f9faeed1cca611e927294b1d5e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44ea91f9faeed1cca611e927294b1d5e_JaffaCakes118
Size

5KB
MD5

44ea91f9faeed1cca611e927294b1d5e
SHA1

f134f967c670bb9425a9dbe954dd96c1b61d1654
SHA256

84fe3636a1b46994776ace85947187258da94938b9bbd611f568fde9c26a48ab
SHA512

18e7e1bb494743b47c876b86bac1beed349aff06189ac2912813010f96e85c3a7c9eac87044b6dea13ac606e17e06719180fc91b2f56f01e3fe584911204adcb
SSDEEP

96:qChtcAQrnf1hRV2Ii93022EnNyWgpsbc88fy0oHfynlV5WRzV:qCDH21h6Ii930EJg6yQw1Wv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44ea91f9faeed1cca611e927294b1d5e_JaffaCakes118

Files

44ea91f9faeed1cca611e927294b1d5e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6496f6e5cdfe42da4312ef03a8b7d4f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\WORK 源码\lq\Release\lq.pdb

Imports

kernel32

GetModuleHandleA
CreateThread
GetProcAddress
VirtualAlloc
Sleep
CreateFileA
ReadFile
CloseHandle
TerminateProcess
WriteFile
WideCharToMultiByte
lstrlenW
OutputDebugStringA
lstrlenA
lstrcpyA

user32

GetWindowTextA
FindWindowExA
FindWindowA
wsprintfA

ws2_32

socket
htons
connect
closesocket
WSAStartup
recv
send
inet_addr

msvcrt

strstr
memcpy
memset

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1013B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ