abb29f838ba1422e5a2657cfaf960db4_JaffaCakes118 | Triage

Sharing

General

Target

abb29f838ba1422e5a2657cfaf960db4_JaffaCakes118
Size

18KB
MD5

abb29f838ba1422e5a2657cfaf960db4
SHA1

6abbc73afcfd825b56724e09351a3050bfb11fe4
SHA256

3b2071ec8c7a674eafea4257e65ae9996e7e3e9b3bcd8059d16117faa2312d37
SHA512

f7fd5b1c4cda4eca8730b06012478a1dfef474f0dcd9de4b834f1606f266a8128433c7a1c91f1aee2b2b6e1b571fe5a6e596205fa8395625170a23335d8bd958
SSDEEP

384:KaQy4lYnxPoEl5dHURyElJkeXo/5aBHxd1wQ6na9fuIwm6hjlOax498gW:Ah1o/5OHD1v6na9Glm63OauSn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abb29f838ba1422e5a2657cfaf960db4_JaffaCakes118

Files

abb29f838ba1422e5a2657cfaf960db4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d148e87a9efa5a7240a83a6e6e9c003e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
ExitProcess
lstrcpyA
lstrcmpA
Sleep
lstrlenA
lstrcmpiA
GetTickCount
lstrcpynA
WideCharToMultiByte
GetSystemTime
GetPrivateProfileStringA
CloseHandle
ReadFile
CreateFileA
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
RtlUnwind

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
FindWindowA

wininet

HttpQueryInfoA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle

Exports

Exports

zhkf
zhko

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ