bebf5364df0c25bf6b5c2b3556a3f498_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bebf5364df0c25bf6b5c2b3556a3f498_JaffaCakes118
Size

6KB
MD5

bebf5364df0c25bf6b5c2b3556a3f498
SHA1

72ad6973b3842d761c37f93b7238924fffb6e2c1
SHA256

911a25b7caaddace5eea602c574c484d7802cd075660baee9739af60e1cf800b
SHA512

42da273ab5ddd071ceec872e6c990942915c666b4439d641f8a19c324a59f767db2be1e217b2797c6c40eab93530772e0d96180eb420ff8d61a59d5254361885
SSDEEP

96:J2lR9JwEH1BWM/Fib1en0m89vPar3/i3c:U+ELW0se0p9s/iM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bebf5364df0c25bf6b5c2b3556a3f498_JaffaCakes118

Files

bebf5364df0c25bf6b5c2b3556a3f498_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cace2c6fb6349a45a4098c25d9dd3863

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
SetThreadPriority
GetCurrentThread
GetProcAddress
GetModuleHandleA
GetSystemInfo
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
DisableThreadLibraryCalls
LoadLibraryExA
LoadLibraryExW
HeapFree
GetProcessHeap
HeapAlloc

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

rasapi32

RasDialA
RasDialW
RasHangUpA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

Hook
Unhook

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ