479a2953b394cbd8176807ef460d8cad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

479a2953b394cbd8176807ef460d8cad_JaffaCakes118
Size

9KB
MD5

479a2953b394cbd8176807ef460d8cad
SHA1

62c5f26a851d2d5f179afe6ec5a1501585fc9fb0
SHA256

b6b5a1253389be0ef4714e0f8742f19dbc07278f42ea236c4829aaaf4f41d203
SHA512

4c097bbbfc9057782197273f4a9f677787a6fc59e118ffccdfc19bf9c393d0f3313b05b61a5877205abfa54b13f997562bd736fd50beb4fcad59f5b95704789c
SSDEEP

96:0apT99PQtwnBnb/I8Y6kvTUbmIe3fEICr2c/dd1I4TXmEaflB+I6g53:0aP9ItsbuDIy/RwWLn+It53

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
479a2953b394cbd8176807ef460d8cad_JaffaCakes118

Files

479a2953b394cbd8176807ef460d8cad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5639056ef331e4902ca132cb897c32d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
GlobalLock
GlobalAlloc
CreateThread
GlobalFree
IsBadReadPtr
GetPrivateProfileStringA
Sleep
WriteProcessMemory
GetModuleFileNameA
GetCurrentProcess
WideCharToMultiByte

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcrt

_adjust_fdiv
_stricmp
malloc
_initterm
free
memset
??3@YAXPAX@Z
strcat
strrchr
strcpy
sprintf
??2@YAPAXI@Z
strlen
memcpy

Exports

Exports

fa
fc

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ