ed03f6ea57b0cb75a53e9ed94f186b12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed03f6ea57b0cb75a53e9ed94f186b12_JaffaCakes118
Size

16KB
MD5

ed03f6ea57b0cb75a53e9ed94f186b12
SHA1

c6e2248f43c765c927ae28417ba6132ef5518d26
SHA256

bf9f0a5089eac30d3b4f4fd36833d6fec06d6ef40adb1595714bea950252e0bb
SHA512

d59f74fbdfa873635d9bc6f78d4e36e7593b526c81f8c0740bc0dc9e787dc254cb05e3ab9672ea2575916393bed9a4a23a844164f315d25f3f455912f5ac9c0f
SSDEEP

192:S3Jznb5RZ3WLZQQf3UITnace5xxdqo2qlkNhK1e46V26i2sT899AdGq:S3JzvQ52hxxd2qmjio2f2c89cGq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed03f6ea57b0cb75a53e9ed94f186b12_JaffaCakes118

Files

ed03f6ea57b0cb75a53e9ed94f186b12_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2a0add4c0b2dd9add90b741584983586

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
CallNextHookEx
wsprintfA

kernel32

Module32First
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
Module32Next
Process32First
Process32Next
ReadFile
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ