78035cc6a10a37f33e538a5c01382bf4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78035cc6a10a37f33e538a5c01382bf4_JaffaCakes118
Size

24KB
MD5

78035cc6a10a37f33e538a5c01382bf4
SHA1

02214b49818720b0a41e0761bcbacfa617778083
SHA256

0e4e432e3185316a60116d1e1db30050b43dcbd73527bc914d36ca562cea7b8f
SHA512

b17fc3d783740f968e5ba2205b354fdc5336fb879d6b968aad21844ca861c36c577d32e333b7236a3140f90435d3b5035998f924e8ccdc01cd834dc7f48335d3
SSDEEP

96:44vwNLT7MmIUUHNf+xvXIaKBHlzUWhqUGE8GzIyPyLOv/uK5iTwnKhb0:dkQCXuZhyLOv/uYiTwKhb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78035cc6a10a37f33e538a5c01382bf4_JaffaCakes118

Files

78035cc6a10a37f33e538a5c01382bf4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

46f05db11d99ca349dbb54abe9dcd705

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1182
ord342
ord1253
ord825
ord2818
ord823
ord1168
ord540
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
tolower
strstr
strncpy
strrchr
__CxxFrameHandler
_stricmp

kernel32

LoadLibraryA
CreateToolhelp32Snapshot
Module32First
GetShortPathNameA
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
WideCharToMultiByte
CloseHandle
UnmapViewOfFile
GetCurrentProcessId
WriteProcessMemory
VirtualQuery
Module32Next
lstrcmpiA
GetCurrentProcess
GetProcAddress

user32

CallNextHookEx
SetWindowsHookExA
MessageBoxA

dbghelp

ImageDirectoryEntryToData

Exports

Exports

InstHook

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ