34c05e5df72cb6efaa9872005ef1fe80_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34c05e5df72cb6efaa9872005ef1fe80_JaffaCakes118
Size

7KB
MD5

34c05e5df72cb6efaa9872005ef1fe80
SHA1

04b419a0e3901276a1a165cb4b53764abdc3d3e6
SHA256

2f1a7cdee7b7919a02840ad400e2106c5f1270a5fd3a0935d46efa65c36b8e87
SHA512

7d60c033eabe21c5e413b2bf1e6b8ac764aeab58603103c18979a746365db76ac6da34199daa82531220a75c8a497d3449e44e52d81c4de69b3ef6ff1535131c
SSDEEP

192:EVd77fpEKFptyrN4dRWbemsi63b2d1PG79dyC7/u1/:EVdvf2K0xai63bsGzu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34c05e5df72cb6efaa9872005ef1fe80_JaffaCakes118

Files

34c05e5df72cb6efaa9872005ef1fe80_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5e048ae462c961c71be476decf0e8cf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateThread
GetCurrentProcessId
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetVersionExA
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
lstrcpyA
lstrlenA

user32

CharLowerA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

Exports

Exports

MessageHandler
SwitchOff
SwitchOn

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 757B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ