8a9536269acf966e6ee951038b1de655_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a9536269acf966e6ee951038b1de655_JaffaCakes118
Size

31KB
MD5

8a9536269acf966e6ee951038b1de655
SHA1

91eaf080aebffb6f0b751d43c0bd6eadae7eb88c
SHA256

f577fdcd5cada1b6023786c450ffebb9cde2f9702dc92b3bee946a76a797e90b
SHA512

d26a0466f4c52356c24705c88e299b83cae867ce54a2db8056736c5f83ebed8e9a3c8a47f9e446b7e6175f74f643bffc2b3fdd0af41ea4e8091836a21ddd4869
SSDEEP

96:rdnrKUYlunI6iokvC2O7Dk4hRtcPSCXoCTvRK1vAy/XT4jS5:rprkluWokvC/7gucvprR+vAyfT4jS5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a9536269acf966e6ee951038b1de655_JaffaCakes118

Files

8a9536269acf966e6ee951038b1de655_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a35aa1f66d1673e6ab5cf2b8f0c4bde8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

kernel32

CopyFileA
CreateEventA
CreateFileA
SetErrorMode
CloseHandle
CreateThread
FreeLibrary
GetLastError
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
LoadLibraryA
Sleep
CreateProcessA
DeleteFileA
GetExitCodeProcess
WriteFile
WaitForSingleObject
OpenEventA
SetEvent
ResumeThread
GetSystemTime
SystemTimeToFileTime

wsock32

recv
send
gethostbyname
connect
closesocket
socket
WSACleanup
WSAStartup

user32

GetWindowThreadProcessId
CallNextHookEx
FindWindowA
PostThreadMessageA
SetWindowsHookExA
UnhookWindowsHookEx

Exports

Exports

init

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ