db31a4c079807d9b6466723f3b5b37c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db31a4c079807d9b6466723f3b5b37c1_JaffaCakes118
Size

19KB
MD5

db31a4c079807d9b6466723f3b5b37c1
SHA1

3517f7136ee2dffaa68c17d37d88e52451e66bb8
SHA256

8df43fd771499f5ca7c3bfcb984ed79962109402aa932676a2ecfbc4bc052f9e
SHA512

d994880040dee5af8af00b175be444e691349cd7bee7872ebf3dea7e449c20f4cd3aa52bd51bd9660d6fb477c0a07b37712e0e68d8cc5c92403acfd54d03b102
SSDEEP

384:Qba4tOXPVeZisLmxb9s5Blv2sRV8A9ysbGZPqHxUH/t:Ps1v2on9ysC8xUf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db31a4c079807d9b6466723f3b5b37c1_JaffaCakes118

Files

db31a4c079807d9b6466723f3b5b37c1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ca9336a08c760ef00de3c171072ac08a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
Sleep
lstrcpyA
ExitProcess
lstrcmpA
lstrlenA
lstrcpynA
lstrcmpiA
GetTickCount
CloseHandle
ReadFile
CreateFileA
GetModuleFileNameA
CreateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
RtlUnwind

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA

wininet

HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpSendRequestA

Exports

Exports

wdof
wdon

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ