3992f8fcb400463a856b1d563f32c11d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3992f8fcb400463a856b1d563f32c11d_JaffaCakes118
Size

24KB
MD5

3992f8fcb400463a856b1d563f32c11d
SHA1

3a3e72c3b2891f4599255582ff08e0f6d07aa042
SHA256

983bd496ce65466adc4e2ea8516cd637bb396bd7e7e87f04fb27529177f6784b
SHA512

46260acf24a305be86413ca2eb4c62bddbe1eea43915a909bcb46d621550e954f1303a463bd68163b7c878b3cf542f7e67518e8cfe13485aa1fd71a2fb489b40
SSDEEP

96:nBC6Y1lEhTn9tuLKa8aOUAR9NCtmJf5JULZy:nBk1lI9UjJWR9RXGL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3992f8fcb400463a856b1d563f32c11d_JaffaCakes118

Files

3992f8fcb400463a856b1d563f32c11d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

586fa857349fdb754acbef7ca45731ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
_adjust_fdiv
malloc
_initterm

kernel32

HeapAlloc
IsBadReadPtr
HeapFree
ExitProcess
GetProcessHeap
RtlMoveMemory
GetModuleHandleA

user32

SetWindowsHookExA
CallNextHookEx
MessageBoxA
wsprintfA
UnhookWindowsHookEx

Exports

Exports

��װ��̹��
ж�ؼ��̹��

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 615B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ