ab23d0c7026abbdc805dcab8c31e3206_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab23d0c7026abbdc805dcab8c31e3206_JaffaCakes118
Size

8KB
MD5

ab23d0c7026abbdc805dcab8c31e3206
SHA1

f3c5eadd79cda06e556fb81e74e024ecf94871aa
SHA256

2b06f869de1f650dd90d1956e4bf44dbb882ac4bf08b0afbfbab44cbec2deff0
SHA512

060615e97292a2fa3b56bb5b38f4132a97b13ba05546b8dd194b964f2c986df4a66ce7189d071918b3ff1ba645400c54779e53703b0a544c2f572d6cc2df87df
SSDEEP

192:7YFiecsLudSC3pMNZo8fLX++YAKMPol9lfaj:8PLo5R8fLjdo/l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab23d0c7026abbdc805dcab8c31e3206_JaffaCakes118

Files

ab23d0c7026abbdc805dcab8c31e3206_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5bd42470e37c0551493697387f8ec820

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetCommandLineA
Sleep
CloseHandle
LoadLibraryA
GetModuleFileNameA
GetLastError
CreateMutexA
lstrcmpiA

user32

SetWindowsHookExA
UnhookWindowsHookEx
GetMessageA
SetTimer
KillTimer
wsprintfA
CallNextHookEx

ws2_32

connect
htons
WSAStartup
gethostbyname
WSACleanup
socket
send
closesocket

msvcrt

_adjust_fdiv
_initterm
_beginthreadex
malloc
free
sprintf
_strcmpi
strchr
_except_handler3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ