873c5d405a1219b195bc62228a025404_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

873c5d405a1219b195bc62228a025404_JaffaCakes118
Size

14KB
MD5

873c5d405a1219b195bc62228a025404
SHA1

4b26361b2bbd733064b34ab467d105cbb8b2546f
SHA256

f464f29d9c52f8fcaf4fe5642af4659d3ee47a1cbe54b8d374b765cd8ed5561c
SHA512

be1197d0bdd737fbca515e95b7670efeefa29228c7e39ee7aca95032028e4e13e061df7e46be445319ffeee9437791044d1572b4b6a2a6d2145d4d3108d637f0
SSDEEP

192:UbAqyJlHnNGc+EqXj73f0nde5eSarY7CsCCXkHpMbO6FWRVpHYNVYw:kAHrNGc2jgn2ens90JMFWR/Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873c5d405a1219b195bc62228a025404_JaffaCakes118

Files

873c5d405a1219b195bc62228a025404_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c0291f637929f591b23471f9d603e103

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
Sleep
GetModuleFileNameA
CloseHandle
SetEvent
GetProcAddress
IsBadReadPtr
GetFileSize
ReadFile
SetFilePointer
CreateFileA
HeapAlloc
GetProcessHeap
VirtualProtect
ExitProcess
TerminateProcess
GetModuleHandleA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
OpenEventA
CreateEventA
CreateThread

user32

wvsprintfA
wsprintfA
CallNextHookEx
SetWindowsHookExA
BroadcastSystemMessageA

msvcrt

strrchr
_strcmpi
_adjust_fdiv
strcpy
strcat
strlen
sprintf
memset
free
strcmp
strncpy
malloc
memcpy
_except_handler3
realloc
strstr
_strlwr
_initterm

netapi32

Netbios

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ