4c347c9c5402bdf62a74e3ae2daa3514_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c347c9c5402bdf62a74e3ae2daa3514_JaffaCakes118
Size

7KB
MD5

4c347c9c5402bdf62a74e3ae2daa3514
SHA1

1376219e7de249f5fd5b2c26a4ca0cc5e259284f
SHA256

1a3a7cb166616fd78f70440090f4bb8c089c78055df1d1fdc50dbeef19a8e878
SHA512

edd1304810cc6f67f7ee5a2e1cb16a1ad7db02ae4ad112a42269d1c13e31cb6bfa87901ddd593003eb05ca0d75b391b81f0decf9dee30abe544df77da876c978
SSDEEP

96:cbGntkzrV6QDLeBzhmW+AndsgFhSIlxJ+04eLxnDx2FpqyE6rnm5BKS2sclG+t78:cqnCzr426BzhbyuhSE2FpqYrn+qvA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c347c9c5402bdf62a74e3ae2daa3514_JaffaCakes118

Files

4c347c9c5402bdf62a74e3ae2daa3514_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5b2fb7c08d511bf6184e66d6f4c15eb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
strcpy
strlen

kernel32

CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetCurrentProcess
GetProcAddress
LoadLibraryA
lstrcatA
GetCurrentProcessId
GetLocalTime
lstrcpyA
GetCurrentThreadId

user32

OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
SetWindowsHookExA
GetKeyboardState
ToAscii
GetActiveWindow
wsprintfA
GetWindowTextA
CallNextHookEx

Exports

Exports

SK

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 234B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ