6515593c6310aab67b45c73d09db4e57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6515593c6310aab67b45c73d09db4e57_JaffaCakes118
Size

9KB
MD5

6515593c6310aab67b45c73d09db4e57
SHA1

08a15b92f8b6997c258ab31dd7f53935cba4f6e6
SHA256

d5878b4e7ec83102900ea7a67285d4ec467ed26c7ed363c7561078c8a6444c85
SHA512

1e835252ce4c2ba39ff9341d871fecef40a028311347fffa935d3e29b62c6086e609601547d49e40acf78dc3b529ae6862c8399f6dbbbcf30a8a8e1a8c85bc85
SSDEEP

192:iccIxtSsp4QmUaHeZbUtfFQkgUseRRdxMvzm+5piW/xoTxmqgXw8uL:ibIT1dHaQg9AvzmiiW/xgiE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6515593c6310aab67b45c73d09db4e57_JaffaCakes118

Files

6515593c6310aab67b45c73d09db4e57_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e367fde92d87aefecff11c58e14e8edf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetProcAddress
VirtualProtect
GetFileSize
Sleep
ExitProcess
GetLastError
GetModuleFileNameA
GetSystemDirectoryA
lstrlenA
GetModuleHandleA
CreateThread

user32

CallNextHookEx
SetWindowsHookExA

msvcrt

fread
fclose
sprintf
strstr
strchr
malloc
remove
fwrite
fgets
strtok
__CxxFrameHandler
strncpy
rand
free
_initterm
_adjust_fdiv
sscanf
fopen
_stricmp

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

send
closesocket
connect
htons
recv
socket
WSACleanup
inet_ntoa
gethostbyname
WSAStartup
inet_addr

Exports

Exports

?dnfCallBack@@YGJHIJ@Z
codeDnfExeJmpGetMoney
codeDnfExeJmpSendUserInfo
codeQQLoginGetCard
codeQQLoginGetUserInfo
codeQQLoginSafeCode
installHook
killDnf

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ