5a26b4b18e5531001c176c04e2dad024_JaffaCakes118 | Triage

Sharing

General

Target

5a26b4b18e5531001c176c04e2dad024_JaffaCakes118
Size

32KB
MD5

5a26b4b18e5531001c176c04e2dad024
SHA1

d51dd8d3d4b493c79fda9eaa10ee72388e255426
SHA256

3d7e507c7db240372934f26bcb5d966206b5009939412f525e5079cfff221f46
SHA512

0de0828419a03105f326b787c8e01a6dde6086e1208bce00220301c63fc2c0025278451d12497d3e1969883b313deefdc72046e66705a89586143f8f0e3e83a0
SSDEEP

192:u0hC7dehzrKzOl+za7uerDho6y/fV3u8u514skIVFPaOFPWk1vMTP+4U/Tnb:pYdONl++hrDh2u8ubrTVVWk1v4P+4cT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a26b4b18e5531001c176c04e2dad024_JaffaCakes118

Files

5a26b4b18e5531001c176c04e2dad024_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9bcba6de75edbbf4c88a1e093069227c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

msvcrt

strstr
rand
srand
memset
memcpy

kernel32

lstrcmpA
FlushInstructionCache
VirtualProtect
SetLastError
GetCommandLineA
GetModuleFileNameA
CreateThread
GlobalAlloc
CreateProcessA
GetSystemDirectoryA
lstrcatA
DeleteFileA
GlobalFindAtomA
GlobalAddAtomA
GetCurrentProcess
TerminateProcess
Sleep
GetTickCount
GetPrivateProfileStringA
ExpandEnvironmentStringsA
lstrcpyA
CreateFileA
lstrlenA
OutputDebugStringA

user32

CallNextHookEx
LoadCursorA
CopyIcon
SetSystemCursor
wsprintfA
SetWindowsHookExA
CharLowerA
CharUpperA

Exports

Exports

Init

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ