4d5cbabde4cd98e77f4e1625c8434de9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d5cbabde4cd98e77f4e1625c8434de9_JaffaCakes118
Size

11KB
MD5

4d5cbabde4cd98e77f4e1625c8434de9
SHA1

b09b2275547d9f1d5ae76f2b91079ca3cb281668
SHA256

c0d20042770004d4dba97ddbead7afe993e946d908ce35b23c060867086879ab
SHA512

e9b9a44239f19f38246f6298e3c9ace13c502659ebc50eb047cabb3814647554eda1780ee001f6c9bdfe41d7a030bad66bae40df9876e1931c412e04d663c83b
SSDEEP

192:1yPJukD4xD7FkXb16IBJBbuw3JExww9oFVAFy+tTDMc:4QBlRk/Tuw5EiAtD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d5cbabde4cd98e77f4e1625c8434de9_JaffaCakes118

Files

4d5cbabde4cd98e77f4e1625c8434de9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

30c5c62f7224bb74319feaca90bed5c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
CloseHandle
CompareStringA
IsBadReadPtr
LoadLibraryA
GetModuleHandleA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
GetProcessHeap
GetProcAddress
OpenProcess
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringA
GetCurrentProcess
GetCurrentProcessId
CreateThread
FreeLibrary
GetModuleFileNameA
HeapAlloc
Sleep
VirtualAllocEx
GetTickCount

user32

FindWindowA
GetWindowThreadProcessId
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
wsprintfA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvcrt

strrchr
strstr
_except_handler3

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ