94fea91a8e9de14467edb1a52a6ad589_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94fea91a8e9de14467edb1a52a6ad589_JaffaCakes118
Size

536KB
MD5

94fea91a8e9de14467edb1a52a6ad589
SHA1

c4c45ecd548ac0ec07c1eaf83117ec8a2848a7e2
SHA256

0e6477203bb2bf21c3d70c47c4c35be891d03b933537208c36ba7e4905a46b23
SHA512

e80e8a943747884fe9f41f4794fc07a78b3979bf7e583f78b2cac72a183c3f248f0c63e8d92dc9ee161cf91d6ec27003aad252e9f0b33b3bca6ebc27baa33010
SSDEEP

12288:pBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYBh3:pBhYBhYBhYBhYBhYBhYBhYBhYBhYBhYr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94fea91a8e9de14467edb1a52a6ad589_JaffaCakes118

Files

94fea91a8e9de14467edb1a52a6ad589_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f3f6d532b71d996e99c99b7670cdc6bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetMessageA
wsprintfA

kernel32

CloseHandle
CreateFileA
CreateThread
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
ReadFile
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

advapi32

RegQueryValueExA

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 999B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ