669fb44c49a38bb47e9e5ac6651f6819_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

669fb44c49a38bb47e9e5ac6651f6819_JaffaCakes118
Size

23KB
MD5

669fb44c49a38bb47e9e5ac6651f6819
SHA1

883ab36a425989c12cf0336b5eafa83af4636473
SHA256

31ece83e0b31c25cf32089cbe667417d165721f7caba411968c0a0342afe223f
SHA512

959bfcc5db8fa5871aefd1b360f35d13d685f3c2d35389a941582fa86c5d102293c0a45d5e8f20aa33fb0c88fa203c90221368bea285624c020c9df8a5de7651
SSDEEP

384:zUiIBkRo4yvbblxuGaBVRaQzkJCVqJVZPKoCZJ4:zJIBqbyvHuGa0QzkJCmPTKJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
669fb44c49a38bb47e9e5ac6651f6819_JaffaCakes118

Files

669fb44c49a38bb47e9e5ac6651f6819_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1b04bc97be94aca8f1bf31641c2c9e14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
CloseHandle
CreateProcessA
GetTempPathA
Sleep
GetVersionExA
WriteProcessMemory
VirtualProtectEx
LoadLibraryA
GetCurrentProcess
ExitProcess
CreateThread
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetTickCount
GetProcAddress
VirtualFree
ReadProcessMemory
VirtualAlloc

user32

CallNextHookEx
SetWindowsHookExA
wsprintfA
GetMessageA
PostThreadMessageA
GetInputState
UnhookWindowsHookEx

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

shutdown
closesocket
WSAStartup
select
connect
gethostname
htons
ioctlsocket
socket
send
recv
__WSAFDIsSet
gethostbyname
inet_addr
WSACleanup
inet_ntoa

advapi32

RegDeleteValueA
RegOpenKeyExA
RegCloseKey

Exports

Exports

ZtGame_IN
ZtGame_OUT

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ