82bf830db1d6da83b292873f6dfdafbe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82bf830db1d6da83b292873f6dfdafbe_JaffaCakes118
Size

5KB
MD5

82bf830db1d6da83b292873f6dfdafbe
SHA1

2489d09b6c0f506e1a873a415517563a661ebe50
SHA256

7d40eedb482c6e232ce58f00d4b638d761851626d757072bb4391dc1f5eabad2
SHA512

4144b5317bebdd4486adcfcef0b7864bbdbafeccac62a80cd85eb03b78c8619423fea95fa19a20a2f6252fac7585984c0ea0e2f967f313e6a98c06978c38cb83
SSDEEP

96:qChtcAQrnf1hRV2Ii93022EnNyWgpsbc88fy0oHfynlxAWRzV:qCDH21h6Ii930EJg6yQwTAWv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82bf830db1d6da83b292873f6dfdafbe_JaffaCakes118

Files

82bf830db1d6da83b292873f6dfdafbe_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6496f6e5cdfe42da4312ef03a8b7d4f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\WORK 源码\lq\Release\lq.pdb

Imports

kernel32

GetModuleHandleA
CreateThread
GetProcAddress
VirtualAlloc
Sleep
CreateFileA
ReadFile
CloseHandle
TerminateProcess
WriteFile
WideCharToMultiByte
lstrlenW
OutputDebugStringA
lstrlenA
lstrcpyA

user32

GetWindowTextA
FindWindowExA
FindWindowA
wsprintfA

ws2_32

socket
htons
connect
closesocket
WSAStartup
recv
send
inet_addr

msvcrt

strstr
memcpy
memset

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1013B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ