ab50898ffb64044dc48649cfb01e735a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab50898ffb64044dc48649cfb01e735a_JaffaCakes118
Size

10KB
MD5

ab50898ffb64044dc48649cfb01e735a
SHA1

3915c8804e006aaaa6c9e76dc441bf4aa5dd9d26
SHA256

08ba1923fa7fd52de10e32d0369baa4c75ebae6207dc36ed0d0860461a5d1e3f
SHA512

0d38be6d6f38369f4902f175a8016b06b37f8e575879f1192afbb6615f7429c8d79dc935b88819989022e76f90625f189587247c56935c83d61c1a0367c94fe2
SSDEEP

192:xB+AZ3wfQ8hEWaSiYOsIRqfc2lpfKAHjec5pRh5db:x8A9Y9e9SrOsMGc2lBDec5pRh5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab50898ffb64044dc48649cfb01e735a_JaffaCakes118

Files

ab50898ffb64044dc48649cfb01e735a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d2c1ecd994fe2996eb908255a2377f2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetCurrentThread
Sleep
GetModuleFileNameA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
VirtualProtectEx
IsBadReadPtr
CreateThread
GetCommandLineA

user32

SetWindowsHookExA
ToUnicode
GetAsyncKeyState
CallNextHookEx
GetKeyboardState

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcrt

strcat
_adjust_fdiv
malloc
_initterm
free
memset
strlen
strstr
strcpy
memcpy
strrchr
strcmp
_stricmp
sprintf
??2@YAPAXI@Z
strncpy

Exports

Exports

fx

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ