0e5463497ee8b5a193ee9aa740e18e66_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e5463497ee8b5a193ee9aa740e18e66_JaffaCakes118
Size

20KB
MD5

0e5463497ee8b5a193ee9aa740e18e66
SHA1

a752b82aac3cd5075b2c1e0853e78440c46f488a
SHA256

79d09b70b7b89530e7f53dd6d842de04da79475c7041304880a3f65b2b03cd77
SHA512

fcb6c538a53eba0ebef4beef0a8f1d141dd89b9994080529f519715aae37ead917d5f5ac50fe8b3f3425131676d11b4ec33b5dd2722cd03a06873b2e1309b16c
SSDEEP

384:SplBagex4Uibb8bL7X8f2GkPn8GebZKYGApn5M:U4ob6BVnTebZKypn5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e5463497ee8b5a193ee9aa740e18e66_JaffaCakes118

Files

0e5463497ee8b5a193ee9aa740e18e66_JaffaCakes118
.dll windows:4 windows x86 arch:x86

99391075aca5a4a1a79a16d2c6aee0e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
ReadProcessMemory
WriteProcessMemory
VirtualProtectEx
lstrcpynA
lstrlenA
CloseHandle
ReadFile
CreateFileA
lstrcatA
GetSystemDirectoryA
lstrcmpA
lstrcpyA
Sleep
WriteFile
WaitForSingleObject
IsBadReadPtr
CreateThread
OpenProcess
GetCurrentProcessId
GetLastError
CreateEventA
SetEvent
HeapFree
GetProcessHeap
HeapAlloc

ws2_32

inet_addr
inet_ntoa
gethostbyname
recv
__WSAFDIsSet
select
connect
socket
htons
bind
listen
WSAGetLastError
accept
send
WSACleanup
WSAStartup
ntohs
closesocket

user32

GetKeyState
wsprintfA
FindWindowA
EnumChildWindows
GetWindowLongA
GetClientRect
SendMessageA
IsWindowVisible
GetParent
IsCharAlphaNumericA
wvsprintfA

Exports

Exports

ApplicationConnect
ApplicationEntry
ApplicationRecv
ApplicationSend

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ