4998dd3d23d0d84766f7b60630b32485_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4998dd3d23d0d84766f7b60630b32485_JaffaCakes118
Size

13KB
MD5

4998dd3d23d0d84766f7b60630b32485
SHA1

572786c9d4940c00d33b8b164976269d1e20bf95
SHA256

643f3e5fb6f2033005946c986b05e5267c252cc7d9f91114e94b7c295adf1425
SHA512

14cd42afe697a0cc49197f55863498b6245a25d39786bbb976a472b70caa048aac0d7cb55293a2d35c674418682fb1ae86579999a352634a93a36679bde46c14
SSDEEP

384:SALAWm3yncHUPoe6BOCtQVTpWNHDIsGg:SAEd3sGe6BOf5WHDI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4998dd3d23d0d84766f7b60630b32485_JaffaCakes118

Files

4998dd3d23d0d84766f7b60630b32485_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ceeb4481b95acd72e48a8259e988bba1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord5302

msvcrt

??1type_info@@UAE@XZ

user32

CallNextHookEx

ole32

CoInitialize

oleaut32

VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

?DelHook@@YGHXZ
?SetHook@@YGHXZ

Sections

.text
Size: 7KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE