a7128078c6a4fae1558bf5be296db070_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7128078c6a4fae1558bf5be296db070_JaffaCakes118
Size

24KB
MD5

a7128078c6a4fae1558bf5be296db070
SHA1

16b607f7ac878621ee81c2165a9eee096ea593d8
SHA256

db4a8a5f347a2530ba8469e85c262c2e1390cad7b66134e2762e85e32c659432
SHA512

6d1a29dfc450ab03859e735af81b6aeb8e529d2d0ba3f7f6954bc04016308919c29ffa6848137357f9a5c50bef7b7e896f6f152482c73506356523f7716efd85
SSDEEP

384:pWOWVZpir3IfBST7ufp/veRLwwzK9Jied09RhcZyIzTcJkuF:pDiZpir3IfBSTIqcd6ed09Rh9IzAJFF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7128078c6a4fae1558bf5be296db070_JaffaCakes118

Files

a7128078c6a4fae1558bf5be296db070_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e3d2b93c29182d3674e1ad78759e3ea8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextA
GetWindowThreadProcessId
EnumWindows

ws2_32

closesocket
ntohs

msvcrt

strcpy
strncpy
_initterm
malloc
_adjust_fdiv
_itoa
strchr
atoi
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
fopen
fwrite
fclose
fread
time
memset
_strlwr
free

kernel32

GlobalAlloc
Sleep
lstrcmpA
lstrcpyA
CreateThread
GetModuleHandleA
LoadLibraryA
CopyFileA
GetProcAddress
GetModuleFileNameA
GetTempPathA
lstrlenA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
GlobalLock

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ