fd3c63df38a4b3a3acb99f744fc380ff_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd3c63df38a4b3a3acb99f744fc380ff_JaffaCakes118
Size

6KB
MD5

fd3c63df38a4b3a3acb99f744fc380ff
SHA1

90c8fa580d9b52461439ff56eee6a11ff45db175
SHA256

a07a2421bbec3a9ff0bc748a3167ecbde007ba39e5474077c6ff544ef58f69d7
SHA512

a0bb238b104096806ec63c1a341ae71b59bf098f4e1b89d05484de05eb106f95fc25502c12ea3831fec64c1b20d7a11012e0248792bbcebc4aec34234c279bb9
SSDEEP

96:tiuuBcfECALTmyurYvwMAMIjO2IJayKDJIbC:cHsomvYvvJBt5Keb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd3c63df38a4b3a3acb99f744fc380ff_JaffaCakes118

Files

fd3c63df38a4b3a3acb99f744fc380ff_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2de6346e877c8ec852c58503898f48eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
ReadProcessMemory
WriteProcessMemory
GlobalFree
WideCharToMultiByte
GlobalAlloc
CreateThread
GetPrivateProfileStringA
GetCurrentProcess
GlobalLock
GetModuleFileNameA

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

_adjust_fdiv
_stricmp
malloc
_initterm
free
strlen
strrchr
memset
strcpy
strstr
memcpy
??3@YAXPAX@Z
sprintf
??2@YAPAXI@Z

Exports

Exports

fa
fb

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ