467d976bb3d7ba72751a2454bbdf6013_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

467d976bb3d7ba72751a2454bbdf6013_JaffaCakes118
Size

34KB
MD5

467d976bb3d7ba72751a2454bbdf6013
SHA1

985a401cd6b921d1f40e88ec6def1eec9d3855bb
SHA256

4b6685cc9175bc0e08f0f2907eda2a62e29d7b4b20014e90bb26fb208807b1c0
SHA512

024afd0f6f7815f7d41316c058ec836503a04ceb9124e5e6f3f105abbdf0ce9b1471f3bfe2bcae1719129c9742b30ad49d247355d229c07feed55fc8e3766100
SSDEEP

768:fj4FqLtZ4VHxzaw0CqjPXnk0UifS9QXdi8YUeDGq6bBtheCD:L4QLtyVHxOnUiq9QNPYUeDGJbBtD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
467d976bb3d7ba72751a2454bbdf6013_JaffaCakes118

Files

467d976bb3d7ba72751a2454bbdf6013_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f97ca656ffc2099072d3b3d60eab0ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CallNextHookEx

ntdll

NtClose

Exports

Exports

getActiveDesktop
getSpecials
getSplit
getWnd

Sections

.text
Size: 28KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE