4991ee08a5bf0902f1fb91f2c626c297_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4991ee08a5bf0902f1fb91f2c626c297_JaffaCakes118
Size

19KB
MD5

4991ee08a5bf0902f1fb91f2c626c297
SHA1

0c3f2fb4e471c2d8705b526b38f4fb8b10567f5e
SHA256

0a18e9303282cb7a9cafbfe9b40915d7d06e442b3e05fc3faca0175eb5ac1d00
SHA512

dbad3cbecf928e91e5c1eebbac8d2fb9f6685904f5d4033216b70a6acdfcec8212aa60c6fa3d466f8d261a5e6a49c52b08aca37414ea8a48e747cc94fece224f
SSDEEP

384:XR5+SznGg0PYpI6+XoXswhjPY1XJpJgLa0MpLex:XjrTNPLXs8b4gLa1o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4991ee08a5bf0902f1fb91f2c626c297_JaffaCakes118

Files

4991ee08a5bf0902f1fb91f2c626c297_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9713493bdbfef3a3f891808148bb5617

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

shell32

ord680

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegNotifyChangeKeyValue

user32

UnhookWindowsHookEx
SetWindowsHookExA
SetWindowTextA
GetWindowTextA
GetParent
GetFocus
GetClassNameA
FindWindowA
EnumChildWindows
CharLowerBuffA
CallWindowProcA
CallNextHookEx
wsprintfA
MessageBoxA

kernel32

ExitThread
FreeLibrary
lstrcpynA
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
VirtualProtect
VirtualFree
VirtualAlloc
Sleep
RtlFillMemory
LoadLibraryA
GetVolumeInformationA
ExitProcess
GetTempPathA
GetSystemInfo
GetProcAddress
GetModuleHandleA
CloseHandle
CreateThread
GetModuleFileNameA

shlwapi

StrToIntA
StrStrA

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ