32feceb479b669ff8a5179d3fee24aee_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32feceb479b669ff8a5179d3fee24aee_JaffaCakes118
Size

25KB
MD5

32feceb479b669ff8a5179d3fee24aee
SHA1

2f1b4138c7ff5ac00221125b892492710bd09440
SHA256

9efd0f6128e0bbc8de564a6cca7938af5dfe60ab89e2d98c01ca11ff0ae9a027
SHA512

f0a877f025614c7b1230aa40ddc1dd766d9b93c805704f91c695cafc3c33fbd205249c634bd8907d77c5049a3da215a3e63b034a056df46f686d9e80aa612d66
SSDEEP

384:4HuRK0zTRiC7dzhD9Vuc68PyRAsJCG4Q90I0iCaYL2iaQU59RnaXo45:4HKVRTUc6ZRW/JI1L/59RnGP5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32feceb479b669ff8a5179d3fee24aee_JaffaCakes118

Files

32feceb479b669ff8a5179d3fee24aee_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a5e3d6b5153b089e97fbd11429ecc19a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

RegisterWindowMessageA

Exports

Exports

?StartInject@@YAIPAUHWND__@@0@Z
?StopInject@@YAIPAUHWND__@@@Z

Sections

.text
Size: 20KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE