5c8eb5ad062345f3731b5b566e33a914_JaffaCakes118 | Triage

Sharing

General

Target

5c8eb5ad062345f3731b5b566e33a914_JaffaCakes118
Size

7KB
MD5

5c8eb5ad062345f3731b5b566e33a914
SHA1

3b74688e41526a6e1bb9b83cf3d615548a5c24b5
SHA256

4c3130dea9a3aa0e237d12209a267de24e1d047b5621361f103d164689ba159d
SHA512

224057e711be2e1fe1195d0e73145a5d79e1638155981e97a9c088c2fc15c478ea7b04084ba6bb8ef9b1ee4f4b7488aae36a41ed541716f4658170935490407b
SSDEEP

96:ADGz9Zl3tchs0O0lgxMxheauTNnROtOQWmkSLwafu9TXJn:Aiz9jtX0OcgxMxcaOkAQWvWuVh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c8eb5ad062345f3731b5b566e33a914_JaffaCakes118

Files

5c8eb5ad062345f3731b5b566e33a914_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d6769f92555e166088206f9e2b61d6f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
Sleep
GetCommandLineA
GlobalFree
GetProcAddress
GlobalLock
GlobalAlloc
VirtualProtectEx
GetCurrentProcess
CreateThread
ReadProcessMemory
GetModuleFileNameA

user32

GetKeyboardState
ToAscii
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA

msvcrt

_initterm
malloc
_adjust_fdiv
strrchr
memset
strcpy
strcmp
strcat
sprintf
??2@YAPAXI@Z
strncpy
strstr
strlen
??3@YAXPAX@Z
memcpy
free
_stricmp

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

fa
fb

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ