27cb435366ecad267491c9440da51d95_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27cb435366ecad267491c9440da51d95_JaffaCakes118
Size

18KB
MD5

27cb435366ecad267491c9440da51d95
SHA1

9bbb90961d1eae6b47f6a530b758336021c03dfd
SHA256

02c2fcddf00e1491a7967b5530478ea3c7f7bc0e397c5c550e6b7c9dae65b015
SHA512

fab742fa3a323ae85ab1e837eccd7885ded99ec7877b83f0acda07641b58762288a503de48a9e9d0b2156e22e27f503b5ff9a7cbdd40d059ebafb643fdc78249
SSDEEP

384:TSfVVH9ga2YFydSva91kRg5W4+PtLoP3a1xdTdvxfhReXPySyMDvo:2OSva9OR7V71xldpfTIc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27cb435366ecad267491c9440da51d95_JaffaCakes118

Files

27cb435366ecad267491c9440da51d95_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b3e0395286f09a039c649cd9bd85eeda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetSystemDirectoryA
IsBadReadPtr
lstrcpyA
lstrcmpA
ExitProcess
lstrcmpiA
Sleep
lstrlenA
GetTickCount
lstrcpynA
WritePrivateProfileStringA
GetSystemTime
GetTempPathA
GetPrivateProfileStringA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
CreateThread
UnmapViewOfFile
OutputDebugStringA
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
FindWindowA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

Exports

Exports

Hookoff
Hookon

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ