baca7b91f6611719ead6d6e7186e514b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

baca7b91f6611719ead6d6e7186e514b_JaffaCakes118
Size

52KB
MD5

baca7b91f6611719ead6d6e7186e514b
SHA1

e9f9749759cba6a5aac2cb1f751c174018b71c9d
SHA256

ceec67193e8186f2512a8e6f18bea4fc272a9300e4a0466e77fe8c4e487d39a0
SHA512

c7c7632f5a2a07b210a2423ab8dbd4c650f87b649b1969a229d39f4cf5966e2f00194cc32ad7b63afab81e32781350c78d3e7393e3771e936f509dd9502ddb18
SSDEEP

768:tLigip/q6c1faCizIqzf1obzz4BpSuhlpl1Y:1sq58tzxD1eySsl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baca7b91f6611719ead6d6e7186e514b_JaffaCakes118

Files

baca7b91f6611719ead6d6e7186e514b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

72144474dda4ea40cc3bd6e3909ee5e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualProtectEx
CloseHandle
CreateEventA
OpenEventA
GetModuleFileNameA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc
GetCurrentProcess
GetPrivateProfileStringA
Sleep
CreateThread
GetPrivateProfileIntA
VirtualAlloc
VirtualFree
ExitProcess
WideCharToMultiByte
GetModuleHandleA
OutputDebugStringA
GetCommandLineA
IsBadReadPtr
GetTickCount

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
FindWindowA
wsprintfA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup

Exports

Exports

ZtGame_IN
ZtGame_OUT

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ