47003c913b0f9985f2615233926e7e7d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47003c913b0f9985f2615233926e7e7d_JaffaCakes118
Size

21KB
MD5

47003c913b0f9985f2615233926e7e7d
SHA1

29e4784a698ddde7405f47000d37d7d1d47d456e
SHA256

3e06be612d8c369fd60c409b02233120cc19a84265d66413965ea5d00882aa1b
SHA512

50fde692259efe6ca372f41d20b61ea2060f2476d4e50aed6dbf8b502ea377b3058a303b0d9f63359856e686d415b98ca17dd943b4053aed3006db7095a9db32
SSDEEP

384:Cxbu12MRkMqld/MlrhUpZxb5Qbor47dyMxAJyjBKa9:j1pWMqlKrupZas47lt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47003c913b0f9985f2615233926e7e7d_JaffaCakes118

Files

47003c913b0f9985f2615233926e7e7d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7c55e39a98d8aef8ce47e2db4e255ea6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
IsBadReadPtr
VirtualProtect
CloseHandle
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
lstrcmpA
OpenProcess
GetPrivateProfileStringA
Sleep
TerminateProcess
lstrcpyA
lstrlenA
GetTickCount
lstrcpynA
WritePrivateProfileStringA
GetSystemTime
GetTempPathA
GetModuleFileNameA
GetModuleHandleA
ReadFile
SetFilePointer
CreateFileA
CreateThread
CopyFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA

user32

CallNextHookEx
SetWindowsHookExA
GetWindowTextA
PostThreadMessageA
FindWindowA

Exports

Exports

COMResModuleInstance
prkai
progof

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ