2a8eb2db41a3b1a4d12582c6a4600d38_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a8eb2db41a3b1a4d12582c6a4600d38_JaffaCakes118
Size

5KB
MD5

2a8eb2db41a3b1a4d12582c6a4600d38
SHA1

ae359b24ac725a5a532490509ee61963f8be8839
SHA256

17fb1e7657bbdf1814295cab9fc1f9d191ef869ee7230b66b45b562ce4f201d0
SHA512

ee81748feb590720b52dd3589d9581d56188e65e8eae4ca3b0d7ef94a3e7124c2e39c607bb0a1b08e4b50204bc665bfbc690d4a9d11d60602281f6303a7a191e
SSDEEP

48:6gklbzA6wUQEEiD4rAKaKzl/a4nOAeiPAIaiFcBakgkHQo:6gSxDEl/a4n7eiIIaihsHQo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a8eb2db41a3b1a4d12582c6a4600d38_JaffaCakes118

Files

2a8eb2db41a3b1a4d12582c6a4600d38_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3dc027572e800ae97110388bb9368780

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
WriteProcessMemory
EnterCriticalSection
lstrcmpW
lstrcpynW
lstrcpyW
ReadProcessMemory
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
lstrlenW
InitializeCriticalSection
HeapAlloc
GetProcessHeap

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

Exports

Exports

Hook
Unhook

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ