5f6bf0d65ba71b33411a9f54e7dfbf3b_JaffaCakes118 | Triage

Sharing

General

Target

5f6bf0d65ba71b33411a9f54e7dfbf3b_JaffaCakes118
Size

13KB
MD5

5f6bf0d65ba71b33411a9f54e7dfbf3b
SHA1

931710995d1f0e2a4a0eae6d436fd0281d3dbfb5
SHA256

3464186207ffc3f7c51fe9efb8ccd8e1765c810335b7192bc76593f0d768700b
SHA512

fa88a3eecbb853251c2b18f8316ede1aef65e83a1dc5bc68947bd6452d232d04e73c433ec55dbdaa723812486560de9f7b1046bf838aad795d294b664f485fbc
SSDEEP

384:RQwV/tU60shYdjtAcLZjs6LPyVx2PNMK:RJyoWxLFhzex2e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f6bf0d65ba71b33411a9f54e7dfbf3b_JaffaCakes118

Files

5f6bf0d65ba71b33411a9f54e7dfbf3b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4077b7a338590b244e66c5446737098a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
GetForegroundWindow
GetClassNameA
CallNextHookEx
wsprintfA

kernel32

LoadLibraryA
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
WideCharToMultiByte
VirtualProtectEx
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
Module32First
Module32Next
MultiByteToWideChar
Process32First
Process32Next
ReadFile
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ