a465691bbba53645bf425372baae1569_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a465691bbba53645bf425372baae1569_JaffaCakes118
Size

24KB
MD5

a465691bbba53645bf425372baae1569
SHA1

297f77a61205f5ec284dcfc05cfa571b30cc1bf7
SHA256

66105e83117cc4430b5d9416b6f93ddb97e81449430f06a57d4b3716a5c3ac47
SHA512

0ff3527b96ea9cdf4f78baabc0058e519d8d91f4b4604c64cb129d3f669690f783ac74b7910872536ad3846b961d324a3922515bb4aa14c6fdd4ec667d429cc6
SSDEEP

768:ufl8OA726q/eR0PbAXLUa8d89YaATIIJEhQ:YWBi6BOzIH8C9G0R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a465691bbba53645bf425372baae1569_JaffaCakes118

Files

a465691bbba53645bf425372baae1569_JaffaCakes118
.dll windows:4 windows x86 arch:x86

41507753530d76bf751bd1509806ec8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

Exports

Exports

StartHook
StopHook

Sections

CODE
Size: 19KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE