29a9138275309358317a0740a0f0a9ae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a9138275309358317a0740a0f0a9ae_JaffaCakes118
Size

20KB
MD5

29a9138275309358317a0740a0f0a9ae
SHA1

9af9eea02402f0a7faad49b86b4900af290e8df4
SHA256

6dad16af039789751da6b6c74d2558721e5f800705904b64ccaf6f6f3ef4016c
SHA512

c517c88c005de372ef6477762644cc137589b009f2bb9928b346073926498e61698a88e3e4b1ecc46af42e95f253cd2dd56444b18cc17cfbe09f20c902d8e565
SSDEEP

192:YH8D9658RtIT0f4kXqVWkzlzNmFLsstzsae7htwT+Hr0y:B9qeSq4kXcNmp1Te7htRL0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a9138275309358317a0740a0f0a9ae_JaffaCakes118

Files

29a9138275309358317a0740a0f0a9ae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2f4600ae91f74b9dcef942466251d037

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
TerminateProcess
FindClose
FindNextFileA
FindFirstFileA
Sleep
DisableThreadLibraryCalls
CreateProcessA
GetLastError

user32

EnumChildWindows
GetWindowThreadProcessId
GetClassNameA
GetParent
CloseDesktop
SetForegroundWindow
EnumDesktopWindows
PostMessageA
CreateDesktopA
SendMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ws2_32

WSACleanup
WSAStartup
connect
setsockopt
socket
htons
recv
closesocket
shutdown
inet_addr
gethostbyname
send

msvcrt

_adjust_fdiv
_initterm
time
srand
strchr
rand
atoi
strcmp
strcat
strcpy
_strcmpi
sprintf
malloc
strstr
free
strlen
memset
memcpy

Exports

Exports

GetDLlVersion
Run
Sunbelt

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ