4dbf5be40b25e281e30c1bb6fc1f8824_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4dbf5be40b25e281e30c1bb6fc1f8824_JaffaCakes118
Size

6KB
MD5

4dbf5be40b25e281e30c1bb6fc1f8824
SHA1

5965043e9f69c40fae56d933ccb5dbc310b4cd36
SHA256

a757e4fffbc52a1af5a0baf59d32292de968b2d9ff63daf99d72806ca257c840
SHA512

9e8c3ff5aacf621a8ce8f78ef9ffcf0feaf79152071bf8a987041c6beb24ce91b2b6ecda50ca9abe03c2fec4df95194ab4a5354332b893fcf8e8c2d20fca77c6
SSDEEP

96:HWUXG0agmGCCctuElAoIrjAjtYPRMlqEezayfbfMJ:2UXG0agmGSIElJIrjatYGMEeH7+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dbf5be40b25e281e30c1bb6fc1f8824_JaffaCakes118

Files

4dbf5be40b25e281e30c1bb6fc1f8824_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b97a98a1f6d4c39730b3c4af21060345

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetModuleFileNameA
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
CreateThread
IsBadReadPtr
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
CloseHandle
Sleep
GetLocalTime
SetLocalTime
GlobalAlloc

user32

CallNextHookEx
SetWindowsHookExA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
free
strrchr
strncpy
_stricmp
??2@YAPAXI@Z
strlen
memcpy
??3@YAXPAX@Z
memset

Exports

Exports

fx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ