4a45033605baad611c2cf3ddf0ccf581_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a45033605baad611c2cf3ddf0ccf581_JaffaCakes118
Size

4KB
MD5

4a45033605baad611c2cf3ddf0ccf581
SHA1

8e0fb2d7b345341b89c3bd0653d260718ad03f9c
SHA256

7129e599852127db30f240b86d0e407ea079bee665d1158e298ff59a56e82240
SHA512

001193ec11268132ca568a68754d8aaeebbda9948d49463586cd50273222d708fd8b6f1a4a0e5278a0b7f50957aa0612d57c8e16da737ebf677b30ab53e53bbc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a45033605baad611c2cf3ddf0ccf581_JaffaCakes118

Files

4a45033605baad611c2cf3ddf0ccf581_JaffaCakes118
.dll windows:1 windows x86 arch:x86

2e3209d575b7442922b317e94eeab656

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
CreateThread
ExitProcess
GetModuleFileNameA
LocalAlloc
Sleep
VirtualProtect
WaitForSingleObject
lstrlenA
lstrlenW

user32

CallWindowProcA
CreateDialogParamW
SetWindowLongA
SetWindowTextW
ShowWindow

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA

ws2_32

WSASocketA
WSAStartup
closesocket
connect
gethostbyname
ntohs
send
socket

wininet

InternetConnectA
InternetOpenUrlA

Exports

Exports

Hooks

Sections

.code
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE