d1e786c75ca24a31b3f2a97eacddc57b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1e786c75ca24a31b3f2a97eacddc57b_JaffaCakes118
Size

14KB
MD5

d1e786c75ca24a31b3f2a97eacddc57b
SHA1

a2299f363b64caadb66e3a8004c5329337f94087
SHA256

0dbdace5c40a437821eef2586033e99fa5777ebfca203958780772bf0ac6d799
SHA512

fcc59d373f9d2f45982a23b2f413b590a7b6a76523aac125312976e179e79d04eff6891841c4e7f5fd0e40f8bedc7fe6257d7c2f8051ccefaa85c8974dae2731
SSDEEP

192:8/A8zWDK6b1Rc9GP+ypfKyvTiXh5ag4CdyGVnyiX0pfEHEIbP3QJJM5A:0vCG6b+++yVTixx4YVn9k3C3QL2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1e786c75ca24a31b3f2a97eacddc57b_JaffaCakes118

Files

d1e786c75ca24a31b3f2a97eacddc57b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

59e94388288c3365c918a8883f70042f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CreateThread
WideCharToMultiByte
MultiByteToWideChar
Sleep
ReadProcessMemory
WriteProcessMemory
GetCurrentProcess
GlobalLock
GlobalAlloc
IsBadReadPtr
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
GlobalUnlock
GetCurrentProcessId
CreateMutexA
GetLastError
GlobalFree

user32

GetWindowThreadProcessId
CallNextHookEx
SetWindowsHookExA
FindWindowA
GetWindowTextA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcrt

??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm
free
strcmp
memcpy
memset
fclose
fopen
strrchr
??3@YAXPAX@Z
strcpy
_stricmp
sprintf
strlen
strncpy
strchr
strstr
fread

Exports

Exports

fx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ