48bc689a9885b29ec7273e70ee172c94_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48bc689a9885b29ec7273e70ee172c94_JaffaCakes118
Size

12KB
MD5

48bc689a9885b29ec7273e70ee172c94
SHA1

6df3833da592c0424b31c2896ab14941ff3083b6
SHA256

7236c6225eb45d6d8e40996a42c50c7119ee874dddddcd8692feed85d19b682a
SHA512

8a7014ca4b18aba59e5415ef608cedc25d95423945f5bd37bb56e0f3e01e553eae7e7a98d85d6deebdee69e78abfe569b067a4fcedbfc12655fe8e47a428c2a2
SSDEEP

192:MvopWcgJzonRu8l2MaKz6dFEgf6o/4N2esvP4fQ+qjI8JY:vA5Gng8sM2kVmesvm0IKY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48bc689a9885b29ec7273e70ee172c94_JaffaCakes118

Files

48bc689a9885b29ec7273e70ee172c94_JaffaCakes118
.dll windows:4 windows x86 arch:x86

721b916f3051151bc2077c7c28b34145

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetVersion
Sleep
GetVersionExA
GetTickCount
GetVolumeInformationA

user32

LoadCursorA
GetCursorPos
GetClientRect
GetWindowRect
LoadImageA
GetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
PostThreadMessageA
ClientToScreen
IsWindowVisible
GetCursor

oleaut32

SysAllocString

Exports

Exports

Data
Event
Start
Stop

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 818B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARDATA
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ