8e72760e43d43776ab77eab606ae8389_JaffaCakes118 | Triage

Sharing

General

Target

8e72760e43d43776ab77eab606ae8389_JaffaCakes118
Size

3KB
MD5

8e72760e43d43776ab77eab606ae8389
SHA1

eee6d36206623496ee7748e76514aa77431a6997
SHA256

892833a3a9416c87827914eb66d72a44b5901c374d64586a32a771a2612cad39
SHA512

05e3dd67836e34212021c6bf1ca279380228d4b84bcb7f9cf86a9108cc0cf2464e3476c0f98f9778996874635d066ced18032f7b872d125ef0797655e59d3eb3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e72760e43d43776ab77eab606ae8389_JaffaCakes118

Files

8e72760e43d43776ab77eab606ae8389_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a41b113618c326721ef91b85fbb84b1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError

user32

CallNextHookEx
GetKeyboardState
PostMessageA
SetWindowsHookExA
ToAscii
UnhookWindowsHookEx

Exports

Exports

InstallHook
KeyboardProc
UninstallHook

Sections

.text
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 268B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ