b0a3664e2cb71ff754d522994d7e40af_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0a3664e2cb71ff754d522994d7e40af_JaffaCakes118
Size

10KB
MD5

b0a3664e2cb71ff754d522994d7e40af
SHA1

40c87147f1aa1d380ff2c56c08d02a7e4da0ead3
SHA256

e29d5068db03ccc0d713c498009b363a5db65f34751ef1820a17764e2867945d
SHA512

8ec60faa250953aaa25974ba61b1670b9e1b98123f86f1b7e1427e4b7ff42a1e87a35c9e6f6580fda7c8e9feb752cbf4f27b5ce9e2cb017c4d3d1734216a20f1
SSDEEP

192:YTLT9m9fOQfDXsNB/7tEyYpfKLYecK9ZQX:kLxm9fhfQ6yY0YecK9ZA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0a3664e2cb71ff754d522994d7e40af_JaffaCakes118

Files

b0a3664e2cb71ff754d522994d7e40af_JaffaCakes118
.dll windows:4 windows x86 arch:x86

40c05c2e2192d9afe8d1f879e38840e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetProcAddress
GetModuleHandleA
Sleep
GetModuleFileNameA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
VirtualProtectEx
CreateThread
GetCommandLineA
IsBadReadPtr

user32

GetKeyboardState
CallNextHookEx
GetAsyncKeyState
ToUnicode
SetWindowsHookExA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

msvcrt

_initterm
malloc
_adjust_fdiv
_stricmp
free
memset
strlen
strstr
memcpy
strrchr
strcpy
strcmp
strcat
sprintf
??2@YAPAXI@Z
strncpy

Exports

Exports

fa

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ