5f1b84d59cec222e2c9b6860c1189d28_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f1b84d59cec222e2c9b6860c1189d28_JaffaCakes118
Size

5KB
MD5

5f1b84d59cec222e2c9b6860c1189d28
SHA1

1c41b608f1ba704a4488850de30555ebedcf8a10
SHA256

ba131bd32063bff61b6aff21ab427a4a3a6470af951fa5f55de9eab627b3943a
SHA512

7dd9836a77565ccb6f8f7a918687286ab0e7b16170da8c8f353bd93ea51175bc4d20fb86066ed7d2a457f55037ff3ef9a58f30505daf8a3af8dc43f2e8cc5ca7
SSDEEP

96:b0csDaUFSjjn65xOWq1PfVQU9Y7J5T2rNFh6N9xUBBVdIF:b0cnM6bw2Y7JEzo92jS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f1b84d59cec222e2c9b6860c1189d28_JaffaCakes118

Files

5f1b84d59cec222e2c9b6860c1189d28_JaffaCakes118
.dll windows:4 windows x86 arch:x86

72c692672296b333d61db0392f85ddff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetCommandLineA
GetModuleFileNameA
GetPrivateProfileStringA
lstrlenA
CreateMutexA
WinExec
lstrcmpA
DeleteFileA
GlobalAlloc
TerminateProcess
GetCurrentProcess
OpenMutexA
Sleep
lstrcatA
lstrcpyA
GetSystemDirectoryA
GetModuleHandleA

user32

CallNextHookEx
SetWindowsHookExA
CharUpperA
CharLowerA
wsprintfA

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Exports

Exports

ENProcess
HDDGuard

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ