45721e82d415e0b70ceacdc62500b169_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45721e82d415e0b70ceacdc62500b169_JaffaCakes118
Size

14KB
MD5

45721e82d415e0b70ceacdc62500b169
SHA1

c0ef773d9276735da851c4152c78e63b90ed32fc
SHA256

05d46da776259bd9a2f64f6d6ad74016f3a0c2da0bf8612964db3c30ca91463d
SHA512

eb95b07065fddbed3d18f0a1fe16cfa080dc041341d87e9d520cf3054c7f89e59b9ee2ce5c5265b989b87d93221ec04f32d99ed094b5252b1d5266a86700d743
SSDEEP

192:NF0CXGiVFfWQ3Vi061FkYmhpuRjMMTu+Fh0kTbu5bIRiBSPjOVexsbiZAoz:NFDL3Fi0BhpeBDT0gsERUSPjOVrxoz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45721e82d415e0b70ceacdc62500b169_JaffaCakes118

Files

45721e82d415e0b70ceacdc62500b169_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b0f30dbdeb231c2b583adb22455d1726

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord4486

msvcrt

malloc

user32

UnhookWindowsHookEx

Exports

Exports

KeyboardProc
UnHook
installhook

Sections

.text
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE