b93b3696023c892689c896108a00df02_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b93b3696023c892689c896108a00df02_JaffaCakes118
Size

26KB
MD5

b93b3696023c892689c896108a00df02
SHA1

de30be45296b66fe719877173b9b8e0cba27739c
SHA256

ed5cf3088307261e9109eb9ab39f0f5b3ec7739dba22542b843e67535a10ee11
SHA512

bd9ed59373fe602f2ab9e2a5b6900fd30b26c549778ecd80eef0036d7965baf9036049f59406d22bfae5e7438352b0841f2132c62a0a3c76b44d833abea27e81
SSDEEP

384:NZKZ66z0Ir/ynvwvFPwDqmm1p9lF5bfFLnTjv3P:NZK46QIjsvwvFoDqmm1pF5rFb/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b93b3696023c892689c896108a00df02_JaffaCakes118

Files

b93b3696023c892689c896108a00df02_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5d92fe1509f57bbf2ce6f80c95b7ca86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
GetCurrentProcess
GetModuleFileNameA
GlobalFree
GlobalLock
VirtualProtectEx
GetModuleHandleA
GetComputerNameA
CreateThread
IsBadReadPtr
WriteProcessMemory
GlobalAlloc
VirtualAlloc

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
wsprintfA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

�berhoff
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�berhoff
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�berhoff
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ