7222b97949540fe0389be51372f3d86e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7222b97949540fe0389be51372f3d86e_JaffaCakes118
Size

7KB
MD5

7222b97949540fe0389be51372f3d86e
SHA1

24b704f783421bc0999b4b78b98cf4ec2d1bdb05
SHA256

b2f447fd255bce5e26611e5acb66220609d4c601058e7010a4301250fa27dba5
SHA512

428b51863790f4e83f5b9072e6f385c477b8c38241fcff826605593eaf1bfcaa1c8118f5116f0a6e66428a33f6b4bf576c69f8af8a098c2288512f07235e3cd5
SSDEEP

96:V/8lbcjlSpiypRgHMz6C4dS2li+yLVJOJmqk9auL6:ecUpiQMPiDVgJmqJue

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7222b97949540fe0389be51372f3d86e_JaffaCakes118

Files

7222b97949540fe0389be51372f3d86e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6fb7acdba64eca47643fdb07f4407298

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetComputerNameA
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
Sleep
GetCurrentProcess
ExitProcess

user32

GetWindowThreadProcessId
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
FindWindowA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
free
memcpy
strchr
strncpy
strrchr
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
_stricmp
strcmp
strcat
strcpy
strlen

Exports

Exports

fa
fc

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdat
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ