1ac916d4143d175a918e78f7838a59c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ac916d4143d175a918e78f7838a59c1_JaffaCakes118
Size

8KB
MD5

1ac916d4143d175a918e78f7838a59c1
SHA1

17ebfbfec2d160c52dca3bd037c711e7a59d9102
SHA256

c491fab6a6e0cbcfa272cd1ad773a8af04f8a5934a463ed89842fc2d7c6efa7b
SHA512

f878b1d1b19f4185ffe23c6d4a7abd10d90ebb4c024d287ea7ac69a8ff0d1fc8dfee5fae2691892b975d2d3cb99039d041953385da15b5bed348e62b967390fe
SSDEEP

96:WygLkqX9qiMNEJelNDWe2uVvj+eU3SYYZHK7VcOe2EwB2Dusoq6++Hb/G4Y:WygLkM9HxJEW7cLYcBjU2Dusoqa/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ac916d4143d175a918e78f7838a59c1_JaffaCakes118

Files

1ac916d4143d175a918e78f7838a59c1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a6db2bcb0d672c0fa8aba87f42c7ea20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
LoadLibraryA
GetModuleFileNameA
FreeLibrary

user32

ShowCursor
GetCursorPos
LoadCursorA
DestroyCursor
GetWindowLongA
LoadImageA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetClassLongA
SetCursor
CreateWindowExA
ClipCursor
DestroyWindow
SetCursorPos
GetClipCursor

msvcrt

_stricmp
_adjust_fdiv
malloc
free
??3@YAXPAX@Z
_initterm
??2@YAPAXI@Z
strtok
_itoa
atoi

Exports

Exports

Click
ConfineCursor
CursorVisibility
DLLInfo
MoveCursor
RestoreCursor
SetMouseCursor
SetMouseCursor2
SetStdMouseCursor
SetStdMouseCursor2

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ