045a5ead5eed08e1e20b226a87ec0359_JaffaCakes118 | Triage

Sharing

General

Target

045a5ead5eed08e1e20b226a87ec0359_JaffaCakes118
Size

7KB
MD5

045a5ead5eed08e1e20b226a87ec0359
SHA1

011f9798fe12f44f50a3d5c22be33bb81cf8c392
SHA256

02e3e0b4228a5ac12092d586b994af39bbb6da79a6e858cf039e153b0e8dfb1b
SHA512

21bf59379a45b519dcf161d62493574f3938ff92da348fd5192acc7df94761ab4c79cb289b1bce54a11909433b0fd7d09bf81169fb0705a67c229022711ec341
SSDEEP

96:W9xM9hGK5Naw6xTqMr8QcM2LSfDfiCbe/rzhGafkNashOjfo:dh55kNhcasTNRBsuo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
045a5ead5eed08e1e20b226a87ec0359_JaffaCakes118

Files

045a5ead5eed08e1e20b226a87ec0359_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b8483c5b27459f9e4e08ad07efbe35c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
Sleep
VirtualProtectEx
MultiByteToWideChar
ReadProcessMemory
GlobalLock
GlobalAlloc
IsBadReadPtr
WideCharToMultiByte
GetCurrentProcess
GlobalFree
GetModuleFileNameA

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

msvcrt

_adjust_fdiv
malloc
_initterm
free
_stricmp
strcmp
strrchr
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
sprintf
strlen
strncpy
strchr
strstr
fclose
fread
fopen
memset
memcpy

Exports

Exports

fa
fc

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ