f9d3c0411084d163b7615a7276245578_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9d3c0411084d163b7615a7276245578_JaffaCakes118
Size

35KB
MD5

f9d3c0411084d163b7615a7276245578
SHA1

c0d25455122cd919562e37c6c5100581a92e962b
SHA256

a715372ea6a9a9be7cfd51295c70d447543e9841229a79b509ed0540e293fe2f
SHA512

46792f39b6b73722e5b3ad5cd3a0ba6977685f6fafa70cda8ecb36541a20842b70b4d21a699269f4c363262d75bb1b927af7ec9e71d80b687639d3d76c86d310
SSDEEP

768:qClpiiD93xdGUyKpuz/E4mcM6P/r6CZxrt1hHqe:piiD1/GUuoyr6yxYe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9d3c0411084d163b7615a7276245578_JaffaCakes118

Files

f9d3c0411084d163b7615a7276245578_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba51867311f2a55b5fb4418d98e47fd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableA
GetEnvironmentVariableA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualFreeEx
CreateProcessA
SetLastError
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
Module32Next
Module32First
VirtualProtect
GetModuleHandleA
IsBadReadPtr
FreeLibrary
ResumeThread
GetProcAddress
LoadLibraryA
SuspendThread
GetLastError
GetLocalTime
WideCharToMultiByte
ReleaseMutex
SetFilePointer
CreateFileA
CreateMutexA
WriteFile
GetModuleFileNameA
ReadFile
GetCurrentProcessId
DeleteFileA
SetEndOfFile

msvcrt

memset
strstr
memcpy
strncpy
strcmp
free
malloc
_snprintf
strlen
memmove
strncmp
_strnicmp
atoi
fgets
fclose
fopen
strcpy
time
calloc
mktime
printf
_initterm
_adjust_fdiv
_stricmp

Exports

Exports

SetGlobalHook
UnsetGlobalHook
_GlobalHookProc@12

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ