Static task: static1
Behavioral task: behavioral1
Sample: 59c9837866b192294da0e3f57214e3e4_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 59c9837866b192294da0e3f57214e3e4_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 59c9837866b192294da0e3f57214e3e4_JaffaCakes118
Size: 9KB
MD5: 59c9837866b192294da0e3f57214e3e4
SHA1: 078baafbacdd16bd4f70f58880332815722585b6
SHA256: 7e40c45ce160c838010d94f9e08c89419758cb74ecb0d54ae321bfeabab947bd
SHA512: 04583d3b40f36b00bd294e54b253b63f63cdc64ade005b075166607c7405f481c9525f696630205a12c1d6abd9ba1d9e3c94bc4a318710f2b6a311a50e5ecf65
SSDEEP: 192:onAz/p+PwNbirspQ69k8TUoxydGrQX2mmAaZRIg1XA4b:/+PQPpyOxyG1Iqrb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 59c9837866b192294da0e3f57214e3e4_JaffaCakes118
Files
59c9837866b192294da0e3f57214e3e4_JaffaCakes118.dll windows:4 windows x86 arch:x86
49155e63a400fb799e94606f0086c305
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
GetCurrentProcess
CloseHandle
CreateThread
GetModuleFileNameA
GetComputerNameA
GetCurrentProcessId
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
VirtualFree
GetProcAddress
VirtualAlloc
user32
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
wsprintfA
FindWindowA
GetWindowThreadProcessId
advapi32
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
wininet
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sdata Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ