eacdd65d28551b95b8eb18323a51c40d_JaffaCakes118 | Triage

Sharing

General

Target

eacdd65d28551b95b8eb18323a51c40d_JaffaCakes118
Size

5KB
MD5

eacdd65d28551b95b8eb18323a51c40d
SHA1

cb6bb8fc1ea49bdc6f89f29a94e181c9e83960c0
SHA256

6508443d88fda54884b4f9be7df579d0433690a7b42994d6ebc6ee0629df439b
SHA512

805b3ec77712b7dff6d30bd89101a9df67761a3724ea7849a7f099025cecf31ad8d363a6729a372b33b4fc0d584e7be0347c899407b9d1a5682ca407190e252d
SSDEEP

48:azXzjAUlRXbnb6aWN5BMOBjSEsvzdS87+KY5TtYfan8nch2DanfQaEUm6VNI/Lj:szjjbWaWryiJW7+x7wa8cEDafhFm7jj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eacdd65d28551b95b8eb18323a51c40d_JaffaCakes118

Files

eacdd65d28551b95b8eb18323a51c40d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6fb6317c2bb4ca85ef05cd3ff8d955e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetCurrentProcess
CreateThread
VirtualProtectEx
GetModuleFileNameA

user32

FindWindowA
UnhookWindowsHookEx
CallNextHookEx
SendMessageA
IsWindowVisible
GetClassNameA
SetWindowsHookExA
FindWindowExA
EnumChildWindows

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

msvcrt

malloc
_initterm
free
memcpy
??3@YAXPAX@Z
strcmp
_adjust_fdiv
_stricmp
strlen
??2@YAPAXI@Z
sprintf
strcpy
strrchr

Exports

Exports

fa
fb

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ