83ed1518b572f3fb7164104539824c68_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83ed1518b572f3fb7164104539824c68_JaffaCakes118
Size

4KB
MD5

83ed1518b572f3fb7164104539824c68
SHA1

0fb0ce9c8f74aec3880e7e532146d9215a8e7360
SHA256

1377f683892b4a8189355bfa703fd7ad1f4fea463c5d1f48e16e45244ad71905
SHA512

c8555d1cef219f7dfda153f4d2352ddb588f23e0b6d821ae73417a8389ffc842dd3282d936171eeb5f6be900ddd0e3c0d1a7859df6af416aead6c229c46fdf16
SSDEEP

48:a6RNJxkGHbjoAq7WKUpAdHZpgHL2RltV0VS6DZwFtwSiJwq9lQFeFilV/gJ95F:FxkGMrwQZpgHsKVS6wtKwq9DilV/gn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83ed1518b572f3fb7164104539824c68_JaffaCakes118

Files

83ed1518b572f3fb7164104539824c68_JaffaCakes118
.dll windows:4 windows x86 arch:x86

15e51c12887f892f05633e75f9b8f54e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
lstrcmpiA
IsBadCodePtr
GetProcAddress
LoadLibraryA
GetModuleFileNameA
DisableThreadLibraryCalls

user32

CallNextHookEx
wsprintfA

Exports

Exports

t

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ