aecfa0653bfe95727c28b5f7fdf3b307_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aecfa0653bfe95727c28b5f7fdf3b307_JaffaCakes118
Size

164KB
MD5

aecfa0653bfe95727c28b5f7fdf3b307
SHA1

3882225f75b0a5e1f9a5224d6d22b56590a3144b
SHA256

ae048e68cb8793c67c67163e4e102ecc2835bde54bf3c82fa7d004fa758ac894
SHA512

1fd4c123e99b5ff6ededc8cad512aa2588d75791a9e261b168ebae9624eb5e95cf0f02b3d2bf68f3e201a7f075ae0962da13750a42b5443244f513e43f38b5a7
SSDEEP

192:fnLAmHbgJVUS8z7blwROQouxqEiHG+woAbWgUfMBNA2UzF8:fdHsJY/xwjXxqYDbDUfMPA2Uh8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aecfa0653bfe95727c28b5f7fdf3b307_JaffaCakes118

Files

aecfa0653bfe95727c28b5f7fdf3b307_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7124df505f610db2c1ca393ba7473b88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
strstr
wcsstr
wcscmp
__dllonexit
_onexit
malloc
_initterm
free
sprintf

kernel32

DisableThreadLibraryCalls
CloseHandle
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcAddress
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetCurrentProcessId
GetModuleHandleA
GetSystemInfo
CreateFileA
GetSystemDirectoryA
SetFilePointer
Sleep
WriteFile
CreateThread

user32

UnhookWindowsHookEx
CallNextHookEx
wsprintfA
SetWindowsHookExA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

_Prog_HookAllApps@12

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ