4aff43637a836a9363208306bc01f18c_JaffaCakes118 | Triage

Sharing

General

Target

4aff43637a836a9363208306bc01f18c_JaffaCakes118
Size

5KB
MD5

4aff43637a836a9363208306bc01f18c
SHA1

c4277e6b10bffb607cfe0e95b7ae5a23670597f0
SHA256

3c26118942565ba4e7edebb6b0050e9cfa00ea1210fdbbf74053c3ae5531e25a
SHA512

a22712678cd6dd38a5d6c69c5d6d7a8e64633f619492bbd24288d762bf66c41aa99ce9ef77932351360e932b2632486ed2689e0d67c7468ed14f3cff2fe5c01c
SSDEEP

48:azXzUAnbNMIUvQpt5BMOBjSjhS87qjxlRY566tYf6Cih4KEanfQaEjO18v/Z:szUSb7ogLyi67qqYAw6CiFEafh+7v/Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aff43637a836a9363208306bc01f18c_JaffaCakes118

Files

4aff43637a836a9363208306bc01f18c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

07f1aec27dfadf36d04c9548940b40b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetCurrentProcess
CreateThread
VirtualProtectEx
GetModuleFileNameA

user32

IsWindowVisible
SendMessageA
EnumChildWindows
FindWindowExA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetClassNameA
FindWindowA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

msvcrt

malloc
_initterm
free
memcpy
??3@YAXPAX@Z
strcmp
_adjust_fdiv
_stricmp
strlen
??2@YAPAXI@Z
sprintf
strcpy
strrchr

Exports

Exports

fa
fc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ