f0d77d3dfff375176ca56484f881f9a7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0d77d3dfff375176ca56484f881f9a7_JaffaCakes118
Size

7KB
MD5

f0d77d3dfff375176ca56484f881f9a7
SHA1

1fb7ef59747b3fce9f7cf1c859a832e99c17eea5
SHA256

891afc90d0c637b568f2266d65d81ac77d9e780ed096ae74901472593e1bcb3b
SHA512

fbfdad25fa0c982d31b6d8ae325ec2296d5d2d492be2679e13266bc34de271f382a8d92fdf54b0076964a87dbd2bcf3465e196b2e606cdc2540711e0dfdf4c77
SSDEEP

96:GqHGFzp/RmloruBJQHbLT1oWBIXoH/VNszxN+:+lQjCRoWBI4dN67+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0d77d3dfff375176ca56484f881f9a7_JaffaCakes118

Files

f0d77d3dfff375176ca56484f881f9a7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e7d00f390374c242b4392aca4a999382

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
Process32Next
lstrcatA
FindClose
FindNextFileA
FindFirstFileA
OpenEventA
SetEvent
Sleep
GetCurrentProcessId
CreateMutexA
GetModuleFileNameA
CreateThread
ReleaseMutex
OpenProcess
CloseHandle
GetLastError
GetCurrentThreadId
LoadLibraryA
lstrcpyA
FreeLibrary

user32

GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
GetMessageA
PostThreadMessageA
CallNextHookEx
wsprintfA
EnumWindows

msvcrt

free
_initterm
malloc
_adjust_fdiv
strrchr

advapi32

OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA

shlwapi

StrStrIA

Exports

Exports

COMResModuleInstance
ComeOn
SetMsgHook

Sections

.bss
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ