2c9390be706b71f233a86478339c1093_JaffaCakes118 | Triage

Sharing

General

Target

2c9390be706b71f233a86478339c1093_JaffaCakes118
Size

10KB
MD5

2c9390be706b71f233a86478339c1093
SHA1

3b98ca9af1ba753f055732a369724050ab32e240
SHA256

19afc04537dbfb2b96618e756fc69c1aece8cb02dea843d76fae7e888ad12724
SHA512

9ffe97e81bd6734e9e6e49bf3fa459f910929de4f32f37472d6365f19f58433d848c8a2659fd5d9d6fa45da0589d3039339ad33a9a9923fdb6f81510377c44a1
SSDEEP

192:t24CA8vlUAluK2Ywl/+pfK35KmG3oDvu:shA8vlUAluKUlmM5KmG3oDu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c9390be706b71f233a86478339c1093_JaffaCakes118

Files

2c9390be706b71f233a86478339c1093_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3cdd372a568cc10d0b21a5096a60f674

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
Sleep
VirtualProtectEx
GlobalFree
ReadProcessMemory
WideCharToMultiByte
GlobalAlloc
IsBadReadPtr
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
CreateThread
GetModuleFileNameA
GlobalLock
GetCurrentProcess

user32

CallNextHookEx
SetWindowsHookExA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

msvcrt

_adjust_fdiv
malloc
_stricmp
_initterm
free
strcat
strrchr
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
sprintf
strlen
strncpy
strchr
strstr
fclose
fread
fopen
memset
memcpy
strcmp

Exports

Exports

fa
fc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ