04a77a088f9fbba4cda50419cdaab841_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04a77a088f9fbba4cda50419cdaab841_JaffaCakes118
Size

10KB
MD5

04a77a088f9fbba4cda50419cdaab841
SHA1

566a4a13abeb4ed0db98fcecac32389976d04c43
SHA256

c100eb7f5794447f60ee0e0c73dd81fd144dab67c77d1534c67dce0658ccb97e
SHA512

182a5541bde07b831cfda604b4bf892a76e0bfd5006c668f50e5ac9f390c07dba9cb7c6c39701fa4a70e7e830190f31faabb06804555887bfdc44006f8a1d8a0
SSDEEP

192:2wcI0jT9GYv35Th0lmk4hmoYcLRg+tsNbvv2DGvbcjM:2bpGYv35Fq7oYcLRFdwYj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04a77a088f9fbba4cda50419cdaab841_JaffaCakes118

Files

04a77a088f9fbba4cda50419cdaab841_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4858ce8200373243cbb90d0dcdcb1c42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
Sleep
GetSystemTime
GetWindowsDirectoryA
GetModuleFileNameA
GetLastError
WinExec
lstrcpyA
CreateThread
CopyFileA
DeleteFileA

user32

SendMessageA
GetDlgItem
GetParent
SetWindowsHookExA
wsprintfA
SendMessageTimeoutA
RegisterWindowMessageA
ShowWindow
FindWindowExA
PostMessageA
GetWindowTextA
GetClassNameA
CallNextHookEx

comdlg32

GetFileTitleA

ole32

CoInitialize

wininet

InternetOpenA
FindCloseUrlCache
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetOpenUrlA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetConnectA

msvcrt

_beginthread
_mbsrchr
strtok
strrchr
??3@YAXPAX@Z
??2@YAPAXI@Z

urlmon

URLDownloadToFileA

shlwapi

PathFileExistsA

Exports

Exports

starhook

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ