276462523bebb852b8ce3c8e0227fac9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

276462523bebb852b8ce3c8e0227fac9_JaffaCakes118
Size

9KB
MD5

276462523bebb852b8ce3c8e0227fac9
SHA1

33b52b8437d54fe79274c08c2ca25b60b979e5f5
SHA256

01968b48ed9723a8cb0b82cdeafae4de28f6af14b2b51d72d2eded3f0a4aed3f
SHA512

738d8d0e76cfe02b27f88ea0648b5acfffd351ff0f9d59f32b76372784b6af0ac2fc4eb236741b2d88d98b42a5a58fdb67a16fd60e0db24db0f00ff7c8a40a0b
SSDEEP

192:jfMKAkMsoaErbmcv7HDp8srgq/DpfK9XQgd0p:TMKAkMba6mcv798sgq/DeQgWp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
276462523bebb852b8ce3c8e0227fac9_JaffaCakes118

Files

276462523bebb852b8ce3c8e0227fac9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5b1a99aa070b4bbdf90c880fd0f43eb2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
CreateThread
VirtualProtectEx
GetCurrentProcess
GetModuleFileNameA
Sleep
GetCommandLineA
GlobalFree
GetProcAddress
GetModuleHandleA
ReadProcessMemory
GlobalLock
GlobalAlloc
GetPrivateProfileStringA

user32

GetAsyncKeyState
CallNextHookEx
ToAscii
SetWindowsHookExA

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

msvcrt

_adjust_fdiv
malloc
_initterm
free
_stricmp
memset
strlen
memcpy
strrchr
strcpy
strcmp
strcat
sprintf
??2@YAPAXI@Z
strncpy
strstr

Exports

Exports

fa
fc

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ