46a0e6b300d545b7d89e16a953db9bec_JaffaCakes118 | Triage

Sharing

General

Target

46a0e6b300d545b7d89e16a953db9bec_JaffaCakes118
Size

16KB
MD5

46a0e6b300d545b7d89e16a953db9bec
SHA1

4e0fba3df9c7177584552946c1366a3021e31d30
SHA256

b3ca8a853663932140ea03b05d5422087e1ceae3071bf72545e919c73d24ad3e
SHA512

ad4546e3946da08160d48bc04e0aec683de462960e13233525477a348cad835416c51e715a5c55b5d95b05b795b6efb153a441829ffff86e8d9e9f31dca33601
SSDEEP

192:ZrkunGSPomWniYAyLIhEUOh4xq9sgfxqSE98uBBQ6PRQkbJPyDwgHHLIp:ZAnSQ9np6LIKoEquBBQARQkNPyJHkp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46a0e6b300d545b7d89e16a953db9bec_JaffaCakes118

Files

46a0e6b300d545b7d89e16a953db9bec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

21cfc99c7dcbbcd9b4bf90f6b5c41030

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory
RtlUnwind

ws2_32

closesocket
gethostname

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

ReadFile
GetSystemDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateThread
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
WaitForSingleObject
TerminateThread
Sleep
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
VirtualProtectEx
VirtualAlloc
VirtualFree
IsBadReadPtr

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
wsprintfA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ