5d67ff183f865c4ede044f74504bb71b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d67ff183f865c4ede044f74504bb71b_JaffaCakes118
Size

8KB
MD5

5d67ff183f865c4ede044f74504bb71b
SHA1

17b2e4ccb7cec06db08caa007d14ae8343761a7c
SHA256

676cd91524de36c990a24a4c1eba7beb0f890efa1dff7eba2d49fc636dfa97eb
SHA512

2fe09ac5eb3899a07aed44484354fd613e5e56279d2480eddc7eb8fbc152270d35dee028ddcf707b7c59996eda5c56eb1f9516297856f48609d9b5e99836aefb
SSDEEP

96:trzJjUQOWaCkhwoykLe5T4AXOmGMfEj/rve+FUcoEJEafl0cvnI:xJjUQ9ehwgUOp9nimLScvI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d67ff183f865c4ede044f74504bb71b_JaffaCakes118

Files

5d67ff183f865c4ede044f74504bb71b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fcb469d2a6de7a5ef69321a8ef0efe58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
IsBadReadPtr
GetPrivateProfileStringA
Sleep
ReadProcessMemory
CreateThread
GlobalFree
GlobalLock
GlobalAlloc
GetModuleFileNameA
GetCurrentProcess
WriteProcessMemory

user32

SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
free
memset
??3@YAXPAX@Z
strrchr
strcpy
_stricmp
??2@YAPAXI@Z
strlen
memcpy

Exports

Exports

fa
fc

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ