e1d1f7a9cdfaa4a48408c24e4e423806_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1d1f7a9cdfaa4a48408c24e4e423806_JaffaCakes118
Size

7KB
MD5

e1d1f7a9cdfaa4a48408c24e4e423806
SHA1

7084c40b29d0030dd3c809fa22b8c32d9637cfbd
SHA256

093f2fba66a9e7cc3d0837e6e665765cddede4782aca4e4c9967613c9465a7fa
SHA512

5852157e3738d971fd31f66b0dca51b2e14bb6f3d322d042045be9f11a7a640a971cebe4a9dee25473a69444cd6c79265c57fd2b46d59021027c6da42ebf78fd
SSDEEP

96:jU/nm6N428wd6gYuODCXglbrLS9FGO5bkN1umqaf3gxF:jMnr4AdfL6G9F5I1uaK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1d1f7a9cdfaa4a48408c24e4e423806_JaffaCakes118

Files

e1d1f7a9cdfaa4a48408c24e4e423806_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0b9b27bfe24ab4f602cff9acb9401223

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
VirtualProtectEx
GetModuleFileNameA
GetCurrentProcess
IsBadReadPtr
GetProcAddress
GetModuleHandleA
Sleep
GetCommandLineA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc

user32

GetKeyboardState
UnhookWindowsHookEx
CallNextHookEx
ToAscii
SetWindowsHookExA

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

msvcrt

_adjust_fdiv
malloc
_initterm
free
_stricmp
strlen
strstr
strncpy
memcpy
strrchr
strcpy
strcmp
strcat
sprintf
??2@YAPAXI@Z

Exports

Exports

fa
fc

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ