f208749e75aba5e044f4838b57b6b0f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f208749e75aba5e044f4838b57b6b0f2_JaffaCakes118
Size

24KB
MD5

f208749e75aba5e044f4838b57b6b0f2
SHA1

9f67160268d66234e5fe3a9965a2e2492fc8d00c
SHA256

cfff28a89281052f3f1eb283e8074a625c6847459d1fa5f0ff2eca4525ae0a8e
SHA512

3f48efa5bca1e489a41782e7d229407c90dcbc30af836842b08577c0eca0ecb200f66ecfa92d398c3dc127d6d446d5c3f5032b1bbe0a0db9c2fd2123cc94c8a4
SSDEEP

48:OEPZshp20rVy95IlkL72PtJc5bGqJI1soE4k4+246CZYAXHxd2MlZ:nPsk0Jy9XKPtCVG9sOk4+xHxcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f208749e75aba5e044f4838b57b6b0f2_JaffaCakes118

Files

f208749e75aba5e044f4838b57b6b0f2_JaffaCakes118
.dll windows:1 windows x86 arch:x86

0fcef9e6f58fe01fab330f8e5582d761

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

CallNextHookEx
SetWindowsHookExA
MessageBoxA
FindWindowExA
GetActiveWindow
GetWindowTextA
UnhookWindowsHookEx

kernel32

GetWindowsDirectoryA
GetProcAddress
CloseHandle
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
WriteFile
VirtualProtect
GetModuleHandleA
SetFilePointer
LoadLibraryA
CreateFileA

wininet

InternetReadFile

shell32

StrStrA

Exports

Exports

MHook
MUnHook

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ