Static task: static1
Behavioral task: behavioral1
Sample: f6acf4c827cfd26e21e96ee7242155be_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f6acf4c827cfd26e21e96ee7242155be_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: f6acf4c827cfd26e21e96ee7242155be_JaffaCakes118
Size: 10KB
MD5: f6acf4c827cfd26e21e96ee7242155be
SHA1: 3b92e50112d35f42489271a64fc66b721d3e77fe
SHA256: ec822ba74918ce62ca4f92267ee0d9b0f499562677b0d39108589600a3d763d8
SHA512: bf99ad8962df182d6c9daeb84864f3206944ab489312aa4e743dca8c46dcc758ae37f06fb8c5edb671e31118790cfa1dca7a2c928b5f6e3660dcab95c8ebe8dc
SSDEEP: 192:oqAz7iDPPpdV2gDeOGr8hvCydGrQX2mTAx0NP9Xd1ZA6fi:BDP4gDkkKyG8XTDf
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: f6acf4c827cfd26e21e96ee7242155be_JaffaCakes118
Files
f6acf4c827cfd26e21e96ee7242155be_JaffaCakes118.dll windows:4 windows x86 arch:x86
cb566e6f0c9e2bb0265ef350ba79b613
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
  WriteProcessMemory
  VirtualProtectEx
  ReadProcessMemory
  GetCurrentProcess
  CloseHandle
  CreateThread
  GetModuleFileNameA
  GetComputerNameA
  GetCurrentProcessId
  GetModuleHandleA
  IsBadReadPtr
  GlobalFree
  GlobalUnlock
  GlobalLock
  GlobalAlloc
  Sleep
  VirtualFree
  GetProcAddress
  VirtualAlloc
user32
  CallNextHookEx
  SetWindowsHookExA
  UnhookWindowsHookEx
  GetWindowTextA
  wsprintfA
  FindWindowA
  GetWindowThreadProcessId
advapi32
  AdjustTokenPrivileges
  OpenProcessToken
  LookupPrivilegeValueA
wininet
  InternetOpenUrlA
  InternetOpenA
  InternetCloseHandle
Sections
.text Size: 8KB - Virtual size: 7KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
sdata Size: 512B - Virtual size: 260B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 524B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ