56162ca1c5dd3a0b5b4cb1789d4470de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56162ca1c5dd3a0b5b4cb1789d4470de_JaffaCakes118
Size

18KB
MD5

56162ca1c5dd3a0b5b4cb1789d4470de
SHA1

a02b0f959eb423b094fc387f5c7994d4c8eb18da
SHA256

e3c60b6120af6fbfcf03cf7db049d84c8063768c71edbba339e016b6483e1b22
SHA512

a396a71d95fbd7af3cb148f913f2a47aceaa6733f40a0ebcca75fdf7bbbffa58b72f1c2586d1503f4f7ed7ede59271bebc4627271a97d31dd8d3bf42214de334
SSDEEP

384:+hsUzh8CKWDg27GUsRbLq+7X5awTowAcFwY8Equ5K:Eh8tQsRa+9auCewY8EK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56162ca1c5dd3a0b5b4cb1789d4470de_JaffaCakes118

Files

56162ca1c5dd3a0b5b4cb1789d4470de_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3303b119de349397fedcc03913a294b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
TerminateProcess
OpenProcess
InitializeCriticalSection
Sleep
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
DeleteFileA
GetFileSize
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetProcAddress
lstrcpynA
GetProcessHeap
GetModuleHandleA
GetPrivateProfileStringA
GetModuleFileNameA
HeapAlloc
LoadLibraryA

user32

ToAscii
wsprintfA
GetKeyState
GetKeyboardState
MapVirtualKeyA

wininet

InternetCloseHandle

msvcrt

atoi
isalpha
isdigit
_strdup
realloc
_strcmpi
_strupr
strchr
??3@YAXPAX@Z
free
strcpy
memset
malloc
strcat
sprintf
strlen
strstr
_except_handler3
strncpy
strcmp
memcpy
strrchr
_vsnprintf
__CxxFrameHandler
_local_unwind2
_stricmp

wsock32

recv
connect
htons
socket
WSAStartup
send
gethostbyname
closesocket

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ