3e02a4718436f2100c5689a0c71d81eb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e02a4718436f2100c5689a0c71d81eb_JaffaCakes118
Size

59KB
MD5

3e02a4718436f2100c5689a0c71d81eb
SHA1

33b4e4ed20d1ea34e4012c82be6a7e16f88fe72c
SHA256

9f7972559f9a62c2780ef73d68de15d664d864c8b1a37daf391604b5bad0b802
SHA512

a463b1b713ab99d4cc5ce0f389f082cb5eaca0dbdff122aa6e53e1a58cfd3426d96aa6ac8d400caab17fb45fb2765682bc6c01b42f53521ee97d2fd282ebd219
SSDEEP

192:FBsQ2U3PV3myW64+1vbWH0BPEO5rsdjzHQ0WGej9nUh4:FBkA1vXwKHGih

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e02a4718436f2100c5689a0c71d81eb_JaffaCakes118

Files

3e02a4718436f2100c5689a0c71d81eb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8c6b1bec77e5091cab0889d8380ce18e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

RegisterWindowMessageA

msvcrt

??3@YAXPAX@Z

Exports

Exports

?AddHook@@YG_NK@Z
?DelHook@@YG_NXZ
?ScanPwd@@YG_NQAUHWND__@@0@Z

Sections

pec1
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE