85d310669e96400779c0f39bbbcaa5ec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85d310669e96400779c0f39bbbcaa5ec_JaffaCakes118
Size

15KB
MD5

85d310669e96400779c0f39bbbcaa5ec
SHA1

6e84ce5952413307cdc6bf1e3b177c21016a0bea
SHA256

0ec2185d19f0b7bcdc9009d451b6c748a5ea001f7d1afe06f8b398e37524fd5f
SHA512

f5b0172727c1fcc6eb9194cba7e8a4db400ecc7036883dd5615d8b68c2c65b1de93f5f9d5e86e9f622a4d7d6c773fb17d767e6229edf056592b26c0aaddc8c2d
SSDEEP

384:BLoegx5O5aBJXsA4J12fjaDUTpWQ55fakAo:BtgXEaBtf4J4fjieL5BaP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85d310669e96400779c0f39bbbcaa5ec_JaffaCakes118

Files

85d310669e96400779c0f39bbbcaa5ec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c27a4248d8724ed9e31c928d20a60a61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

StrToIntA

psapi

EnumProcessModules

mfc42

ord1089

msvcrt

??1type_info@@UAE@XZ

user32

GetAsyncKeyState

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize

oleaut32

VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

?DelHook@@YGHXZ
?SetHook@@YGHXZ

Sections

.text
Size: 9KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE