72765ed807ceeb090ff47f9abc997145_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72765ed807ceeb090ff47f9abc997145_JaffaCakes118
Size

19KB
MD5

72765ed807ceeb090ff47f9abc997145
SHA1

5344511b6a9be21af799b67c2b7c4e2fcbc0ec27
SHA256

2cd5526f0ef764062777327e127be73224b048ac1ecc91a6cfbebb7650a03e41
SHA512

1d4964f3e52cd1fdadb17f7a82228090751bf019f1a08061132100925272748364f38a6a99d8308e4c1e81d5c4faf9a7a12dc0a37ede16077536f0eaafb0dd0f
SSDEEP

384:Owu0G30Q8F12PuYjhzv9l+uOSUy8pa8woS2xZEgIuY:ZP5azD+uzUJpcvEZJY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72765ed807ceeb090ff47f9abc997145_JaffaCakes118

Files

72765ed807ceeb090ff47f9abc997145_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9f7025bcc5d267e467375050b64344c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
InitializeCriticalSection
Sleep
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
TerminateProcess
OpenProcess
IsBadReadPtr
DeleteFileA
GetFileSize
CloseHandle
ReadFile
SetFilePointer
CreateFileA
lstrcpynA
HeapAlloc
GetProcessHeap
GetModuleHandleA
GetPrivateProfileStringA
GetModuleFileNameA
GetProcAddress
CreateThread

user32

ToAscii
wsprintfA
GetKeyState
GetKeyboardState
MapVirtualKeyA

wininet

InternetCloseHandle

msvcrt

atoi
isalpha
_strdup
isdigit
realloc
_strcmpi
_strupr
strchr
??3@YAXPAX@Z
free
strcpy
memset
malloc
strcat
sprintf
strlen
strstr
_except_handler3
strncpy
strcmp
memcpy
strrchr
_vsnprintf
__CxxFrameHandler
_local_unwind2
_stricmp

wsock32

recv
connect
htons
socket
WSAStartup
send
gethostbyname
closesocket

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ