95edd39542ee02bbdaf0c395c409422b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95edd39542ee02bbdaf0c395c409422b_JaffaCakes118
Size

7KB
MD5

95edd39542ee02bbdaf0c395c409422b
SHA1

8b33563af2fd88fe5dc0989c749addc81d24f044
SHA256

1ffa832e3a146c0bf9e5ada271a04ac024fb7bda8e82e80e101c23f80af67fbd
SHA512

b9de2e5451fb019d1789ab28eba7c3cd300875cbb065b3e2d6b7321a48ab6762af835cee927f0b6bff90cf5734c3de0f2eb8f3101e1e5b37d5ce1f6c811a2266
SSDEEP

96:F1j1k+XSqcd+RnQusoJiww+AdzsgKCsOhCR:Hhk+FRn/PtqzsgKreCR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95edd39542ee02bbdaf0c395c409422b_JaffaCakes118

Files

95edd39542ee02bbdaf0c395c409422b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ce9fe8c0e3b1ae08617bca76ed6f64e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
Sleep
GetComputerNameA
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcessId
GetModuleFileNameA
ExitProcess

user32

UnhookWindowsHookEx
GetWindowTextA
GetWindowThreadProcessId
SetWindowsHookExA
FindWindowA
CallNextHookEx

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
free
strchr
strncpy
strlen
strrchr
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
_stricmp
strcpy
strcmp
strcat

Exports

Exports

fa
fb

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdat
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ