75e8445bd431a9da8b5d97442821cea8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

75e8445bd431a9da8b5d97442821cea8_JaffaCakes118
Size

347KB
MD5

75e8445bd431a9da8b5d97442821cea8
SHA1

bdf78e275dc51c575157daed1b21082ed528aec4
SHA256

5bd6e89d9d3769c9b3637b4c8bdd65bcea4b1696ec1e09cd86b6eab4621d8226
SHA512

6b053ba3a731623c0359d35b4ee951afa84e0ab454cd53016c59ae91e9539b9f67d31a0795c07dc379bfe820875e31e3c7b1847218cc90858e0183ae555df206
SSDEEP

6144:YVQoDcqzwuoHU0/K5yBn3CIkwOVC8nDKaOqqDYSVFLH:YnXMU0/KSnvMC0av9H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Titan短信轰炸机 0.6.4/Hook.dll

Files

75e8445bd431a9da8b5d97442821cea8_JaffaCakes118
.rar
Titan短信轰炸机 0.6.4/Hook.dll
.dll windows:4 windows x86 arch:x86

bd3694cca18a81090dceacaaad4cfa39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\documents and settings\administrator\my documents\visual studio 2005\projects\hookprocess\release\HookProcess.pdb

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
OpenProcess
VirtualProtect
EnterCriticalSection
SetLastError
LeaveCriticalSection

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
MessageBoxA

Exports

Exports

Hook
UnHook

Sections

.text
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 773B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Titan短信轰炸机 0.6.4/Titan_Save.ini