cfabb5e676dd38b5bbe19e720a5db4a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfabb5e676dd38b5bbe19e720a5db4a4_JaffaCakes118
Size

31KB
MD5

cfabb5e676dd38b5bbe19e720a5db4a4
SHA1

28a3f926458c2f003b146fd33d2fbb0c53442db6
SHA256

83de341ae6882b089f725cbf334ed0ba76d7280be17c1b7f8a94617ce49836d1
SHA512

04f7b7b5152915d6aacd930c1590301aea9d3ab971954cfe73d15e1870613581df9879e895ce8dad60b5a25412808640d48ddbd4086578b6525336ccc9f87a52
SSDEEP

768:yn/TtAz77zCM+U0ItYQl63tOeopA/oxyB:y/TtAnCy3KopA/ocB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfabb5e676dd38b5bbe19e720a5db4a4_JaffaCakes118

Files

cfabb5e676dd38b5bbe19e720a5db4a4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5443e16a8adc78d65c21f03869619a01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
WriteFile
CreateSemaphoreA
IsBadReadPtr
CreateThread
Sleep
GetProcessHeap
HeapAlloc
HeapFree
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
HeapReAlloc
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
VirtualFree
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetStdHandle
GetCPInfo
GetACP

user32

SendMessageA
FindWindowA
FindWindowExA
wsprintfA

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
HttpSendRequestA

Exports

Exports

Call
_DllMain@12

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ