2dd58b4175cae305456ead9e111f8ca9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2dd58b4175cae305456ead9e111f8ca9_JaffaCakes118
Size

7KB
MD5

2dd58b4175cae305456ead9e111f8ca9
SHA1

a02a084ee139ff26f73a19853377ebac31526f1d
SHA256

c9fffee07c3383f90acb751183ef61ff1b95dea75bea4c67ac454cf8aaabf061
SHA512

6b61e6496053cc0af5bce17cda16d1ac1123b94bab98a5f5155bbec94bb8b9ba56c471daf838a29c3e000bc5c51c1e9cc6ee82622694d857da647817f7f8b6c2
SSDEEP

48:6V/STU2hSWiRzEeHfaU9NNFD1oNgyAsc4ab9aRCPBkuBXRjJIB3:WOU66zEAXTFDWNgy1/w9aR9uBXRj+B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dd58b4175cae305456ead9e111f8ca9_JaffaCakes118

Files

2dd58b4175cae305456ead9e111f8ca9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dd25df5278c8c78bbd3063d8c1bd0c51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
wsprintfA
PostMessageA
GetKeyboardState
GetForegroundWindow
GetClassNameA
CallNextHookEx

kernel32

LocalFree
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
ReadFile
LocalAlloc
GetVolumeInformationA
GetSystemDirectoryA
GetFileSize
CloseHandle
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA

wsock32

connect
gethostbyname
htons
inet_addr
closesocket
recv
send
socket
inet_ntoa
WSAStartup

wininet

InternetGetConnectedState

Exports

Exports

InstallHook
KeyboardProc
MouseProc
UninstallHook

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ