5b6566cf6544d71d52a0412993e86b9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b6566cf6544d71d52a0412993e86b9a_JaffaCakes118
Size

13KB
MD5

5b6566cf6544d71d52a0412993e86b9a
SHA1

698c5e1c3151ebeee1c3785cb822bb4288c88958
SHA256

12929c35325a6d3794922234e0df7d95036b4a16bc74784e75372af37074691a
SHA512

20b70e755e9da90578f6b99e95364ba26f0089306c83a494bb2fc7e89685c99343c00e5a1601259b7a0526ce1f467e6b695d8ae454ce62ba2e456c190b79b5c5
SSDEEP

384:SIJ/po4BbAE3RNoVfzsaF9R7Oqr+TZSAn:SwBoobl33sRvPrjK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b6566cf6544d71d52a0412993e86b9a_JaffaCakes118

Files

5b6566cf6544d71d52a0412993e86b9a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c5a7edd7844f55b41fe6b4598c9dfed1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Project\hook\hook\Release\hook.pdb

Imports

mfc71

ord1084
ord762
ord1175
ord371
ord1098
ord764
ord1191
ord1187

msvcr71

__CxxFrameHandler
wcscpy
_except_handler3
_resetstkoflw
free
malloc
memset
__security_error_handler
_initterm
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
__dllonexit
_onexit
realloc
memmove

kernel32

lstrlenW
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiW
LeaveCriticalSection
lstrcmpiA
GetVersion
GetLastError
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte

user32

UnregisterClassA
CharLowerW
CharUpperW
CharUpperA
CharLowerA
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

oleaut32

SysFreeString

Exports

Exports

MouseHookInit
MouseHookTerminate

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 794B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5a7edd7844f55b41fe6b4598c9dfed1

Headers

File Characteristics

PDB Paths

Imports

mfc71

msvcr71

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 304B

.rsrc Size: 1024B - Virtual size: 528B

.reloc Size: 1024B - Virtual size: 794B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 304B

.rsrc
Size: 1024B - Virtual size: 528B

.reloc
Size: 1024B - Virtual size: 794B