adc10793fcd9914f0cec831c0d028188_JaffaCakes118 | Triage

Sharing

General

Target

adc10793fcd9914f0cec831c0d028188_JaffaCakes118
Size

49KB
MD5

adc10793fcd9914f0cec831c0d028188
SHA1

ad9ae6d95b023b9d48b2acd4410df69d65fc76e5
SHA256

e2ef41b338f0d7f3ac42ee71600d1c1ee0f620e58162f0763b8174d578010c14
SHA512

29ff0e6d47b9468b2981424ba523b1644dda5fd46971af203e6d0454436a6491d3c30d7ff4d499986ebc29f5ece38f46e3e1200a9ddb44c7260a03fefcd2801f
SSDEEP

768:FjeKYo5egUjx5zLNLkUuySWCPraGWY+XbcOalhtrSTUhM/l:djMgkDplzE7nNjhS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adc10793fcd9914f0cec831c0d028188_JaffaCakes118

Files

adc10793fcd9914f0cec831c0d028188_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fa1801e7488da14120e3306ca496f128

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualProtectEx
CloseHandle
CreateEventA
OpenEventA
GetModuleFileNameA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc
GetCurrentProcess
GetPrivateProfileStringA
Sleep
CreateThread
OutputDebugStringA
GetPrivateProfileIntA
GetModuleHandleA
GetCommandLineA
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
ReadFile
CreateFileA
IsBadReadPtr
GetTickCount

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
FindWindowA
wsprintfA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ