b1a5a6092b3f634151c3dcb49f5a2499_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1a5a6092b3f634151c3dcb49f5a2499_JaffaCakes118
Size

8KB
MD5

b1a5a6092b3f634151c3dcb49f5a2499
SHA1

30e9abc6c532ac897c1f60cb11a0f1d4a14f8005
SHA256

83244a47531c779ae58053b639c00ffcb8c529054234f8a9c5274f019f7994bc
SHA512

c331377364235062c7ab2f90bff5c5b8918a0c7026adf1106ee62c916ecca80e12c3648f70aa075e895400bf15f1c1fcc88a50dd335b5e5eee70f4bbc860841a
SSDEEP

96:wTY4MuOe+LkXgiIvel/9r5mfEwPhyANE4EaflLCutqx:MY2+IXesWnLM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1a5a6092b3f634151c3dcb49f5a2499_JaffaCakes118

Files

b1a5a6092b3f634151c3dcb49f5a2499_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1c291849efee684070156ef09955dc61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetPrivateProfileStringA
Sleep
ReadProcessMemory
CreateThread
GlobalFree
GlobalLock
GlobalAlloc
GetCommandLineA
GetModuleFileNameA
GetCurrentProcess
WriteProcessMemory

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcrt

_adjust_fdiv
_stricmp
malloc
_initterm
free
strstr
??3@YAXPAX@Z
strrchr
strcpy
sprintf
??2@YAPAXI@Z
strlen
memcpy
memset

Exports

Exports

fa
fb

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ