19dd4f75956c40b859330ab5c1061e17_JaffaCakes118 | Triage

Sharing

General

Target

19dd4f75956c40b859330ab5c1061e17_JaffaCakes118
Size

19KB
MD5

19dd4f75956c40b859330ab5c1061e17
SHA1

41f6de09434851777604e0685fab93c322c5c7fb
SHA256

1cbadf66a624a89cead91929376f46e23dbbd450a58dba465ee85b1fa15ef549
SHA512

9bfe13893cf7f489dadef84e1c8aae2c10768dd0ba90b0f090358578fff6c9a8662fadb6098759a30dc096a4b4b45cf134af72b22d7690820d40dc7348c2781b
SSDEEP

384:NzFNAKBCysiH6wFtkLV/tbfMPmyMMOQvrd:ZCyswFMVbfdMOQv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19dd4f75956c40b859330ab5c1061e17_JaffaCakes118

Files

19dd4f75956c40b859330ab5c1061e17_JaffaCakes118
.dll windows:4 windows x86 arch:x86

06cab0ba33392b864f4647fc369ffad1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextA
GetMessageA
GetForegroundWindow
GetClassNameA
wsprintfA

kernel32

lstrlenA
lstrcpyA
lstrcmpiA
CloseHandle
CreateFileA
CreateThread
DisableThreadLibraryCalls
GetCurrentDirectoryA
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
MultiByteToWideChar
ReadFile
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte
lstrcatA
lstrcmpA

advapi32

RegQueryValueExA

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 227B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ