4b5157a78dca8d2c460b591684298f72_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b5157a78dca8d2c460b591684298f72_JaffaCakes118
Size

17KB
MD5

4b5157a78dca8d2c460b591684298f72
SHA1

247e658308f647649051fd7a09c2ecb4df1912e0
SHA256

d5f4092bd1ee8fd9def23cac5d35cd8b2825c9830451ea7cd856e4f766c089fd
SHA512

5d82b1f37b5e1388e4622ab12a8ecb71785613c1dc03d8b9a695a6c4e838e0c18a200c8d62672591cdfa7636d83bf107dded79790f48f6e62aecbcdf33279bb7
SSDEEP

192:MEJd265PHzUwjXbKQsTZEV0u8KgPMWQ/oLc/JUeLaPT326iDrZUO0Dr:vdTrK9ZEV0u8KgPBDoUeqT2fZUOKr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b5157a78dca8d2c460b591684298f72_JaffaCakes118

Files

4b5157a78dca8d2c460b591684298f72_JaffaCakes118
.dll windows:4 windows x86 arch:x86

acdb382a54143041d6c6fb3ea11a52b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
CallNextHookEx
wsprintfA

kernel32

Module32First
lstrlenA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
CloseHandle
CreateFileA
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
DuplicateHandle
GetCurrentProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
Module32Next
OpenProcess
Process32First
Process32Next
ReadFile
ReadProcessMemory
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ