25e3f08d0df9221718e721463de07cae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25e3f08d0df9221718e721463de07cae_JaffaCakes118
Size

24KB
MD5

25e3f08d0df9221718e721463de07cae
SHA1

d87be2ce9a1bfbc02a58f17dcb17a7deb7035b78
SHA256

0b225fe25ab7d3cac605012baaa416a8ec427a4689a7054ffe7be1a31d2d4341
SHA512

a3bd4d6a04392c1290ec393c0a9782845b7eb89c80befa98523285781cfe3a6dde85262b19557a829e53e1e2b5f32a812883eac0a8332388e2eca682fa8e8d45
SSDEEP

96:ShLVAkKrq6VOX53fzfjAGWSreWAzBDKS:aRAZqPX5fzfCZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e3f08d0df9221718e721463de07cae_JaffaCakes118

Files

25e3f08d0df9221718e721463de07cae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c66e0861537c46a6295a120a823b05b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
SetFilePointer
CreateFileA
LoadLibraryA
GetProcAddress
GetCurrentProcess
lstrcatA
GetCurrentProcessId
GetLocalTime
lstrcpyA
GetCurrentThreadId

user32

SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
SetWindowsHookExA
GetKeyboardState
CallNextHookEx
GetActiveWindow
wsprintfA
GetWindowTextA
ToAscii

msvcrt

_adjust_fdiv
malloc
_initterm
free

Exports

Exports

SK

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ