4cc93b91877357eaa020718ea72899d5_JaffaCakes118 | Triage

Sharing

General

Target

4cc93b91877357eaa020718ea72899d5_JaffaCakes118
Size

19KB
MD5

4cc93b91877357eaa020718ea72899d5
SHA1

5851d22d4324e3fa343bd92d3a00a0b1796ad40b
SHA256

c68ad6cfdde2a36f4719a4747b200460fb1cd378ed6352e894b38b5e4fbc3129
SHA512

261983799dd5672a1574c65c36759a8b9d8809a22d2069c94173bbdf4e3e715ae509ec7d8b21155fb1a844b37489880c44ceeaa222cba8bb9765c97238d57d06
SSDEEP

384:9bRMjqFkKUecsggoTeKvfUKH2dfs7iY36AHAw8KOkvQGkEeN2Y:9risoUKHhv36Q4hkvQGkVYY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cc93b91877357eaa020718ea72899d5_JaffaCakes118

Files

4cc93b91877357eaa020718ea72899d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

13b9ab422efeb4b61d46b03d31174d2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
ExitProcess
lstrcpyA
lstrcmpA
Sleep
lstrlenA
lstrcmpiA
GetTickCount
lstrcpynA
WideCharToMultiByte
GetSystemTime
GetPrivateProfileStringA
CloseHandle
ReadFile
CreateFileA
CreateThread
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
OutputDebugStringA
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
RtlUnwind

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
FindWindowA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA

Exports

Exports

Hookoff
Hookon

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ