400889b718af827456d9ab70ba7db467_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

400889b718af827456d9ab70ba7db467_JaffaCakes118
Size

15KB
MD5

400889b718af827456d9ab70ba7db467
SHA1

8fd627a6be9485b6f3d278e1e3ecccdf3e4f2be9
SHA256

682e26e026fd1b82d31db3b5f144a792643b23ddcea6b4f7223ef50f747bb176
SHA512

d5d6bd68d7bb57ef91374e44a467b1d8b7395c6636ea0ad0e1c9c7f452ea8032e68e5da521a9bf4c2bb2d0c435cc5e5ab4604c59453a1c6cae1cfe725d61a42f
SSDEEP

384:zkYyVt/Awc7ESMf4hG64vKjaO9n7Giruk5ibkmjMJlaUJTv:zkZv0jJtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
400889b718af827456d9ab70ba7db467_JaffaCakes118

Files

400889b718af827456d9ab70ba7db467_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fecf5ca3cf3a78d00d88f7ec055237d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
GetForegroundWindow
GetClassNameA
CallNextHookEx
wsprintfA

kernel32

LoadLibraryA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualProtectEx
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
DuplicateHandle
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
Module32First
Module32Next
OpenProcess
Process32First
Process32Next
ReadFile
ReadProcessMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ