6a9979b4d891a81ed4808d2490331bbe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a9979b4d891a81ed4808d2490331bbe_JaffaCakes118
Size

6KB
MD5

6a9979b4d891a81ed4808d2490331bbe
SHA1

0e01981bdcbcf49fe4dc7497a31a47a726566aa3
SHA256

150830c6fa5375f60619dc68eaf518d73549cbf90ace5c8dd8f7e10edf25845e
SHA512

abf6345b2cc55c24d89883eead420cc6bb87c18dbc5722e5fced0058a203dff9c97695a4c4bf782151345ffbf952889dba959b556660c57621caf8190fde3a00
SSDEEP

96:qui6WfWTNBaWxBD9+KapzMMN+EUmHiXxuagyQ:qwWGBrxB5+vSByiM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a9979b4d891a81ed4808d2490331bbe_JaffaCakes118

Files

6a9979b4d891a81ed4808d2490331bbe_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b264c814dcd2e6303523b0628fab57fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageDirectoryEntryToData

user32

CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx

kernel32

GetCurrentProcess
WriteProcessMemory
GetCurrentProcessId
CloseHandle
Module32NextW
CreateToolhelp32Snapshot
HeapAlloc
HeapFree
GetCurrentThread
GetProcessHeap
SetThreadPriority
DisableThreadLibraryCalls
GetModuleFileNameA
lstrcmpiW
VirtualQuery
LoadLibraryExW
LoadLibraryW
lstrcmpiA
GetProcAddress
LoadLibraryA
Module32FirstW
GetSystemInfo
GetModuleHandleA
LoadLibraryExA
VirtualProtect

Exports

Exports

start
stop

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 314B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ