73741b62a29b72e7691a8fc3358872fe_JaffaCakes118 | Triage

Sharing

General

Target

73741b62a29b72e7691a8fc3358872fe_JaffaCakes118
Size

29KB
MD5

73741b62a29b72e7691a8fc3358872fe
SHA1

b096fda2ce0e41c1f3db946903bdb5256d294f2e
SHA256

583324ae63e3eeeb59f4cac3e22fe04138bf2b35428eacda8f04039809cf07d4
SHA512

fe6cc546debf1e6e85b9ab8bfc3cd5146d2eccc9a828aaddc242d3d81113d2e6e8cc9f1eab7fc62d932e439c2f53495839b0a96b51cd799b744be2e0d0a83fdf
SSDEEP

384:VlJmX/nX9L+8nlH7P2XHV1YBRlqG5SxiQ5/Oh6m/wvJgQSJeycwpsaUW2WauWNmV:VlmLdlbCV1xESxZOhN/GymOsa9DACv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73741b62a29b72e7691a8fc3358872fe_JaffaCakes118

Files

73741b62a29b72e7691a8fc3358872fe_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e7ae4e0fce4b805207898ad747176305

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowsHookExW

ntdll

NtQueryInformationThread

Exports

Exports

getActiveDesktop
getSpecials
getWnd

Sections

.text
Size: 23KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE