a8599f2c8ed7675bf28b5b9c50f1eb93_JaffaCakes118 | Triage

Sharing

General

Target

a8599f2c8ed7675bf28b5b9c50f1eb93_JaffaCakes118
Size

27KB
MD5

a8599f2c8ed7675bf28b5b9c50f1eb93
SHA1

e18497bfeeb990b014d76641da1ed59468e6959b
SHA256

7dbb4cea40009f1dd2bdbe8000606efed0f1600a23009aa11a4c1bc1a284759a
SHA512

fb83dc380a6e0481cc5a2189ca5a44fcfa49f2fe24af4264c7b8338bf725d70351822261ba6453939856c5a85876661164da678d667f1a715ec56d5626e3fad5
SSDEEP

768:VoQA3AmTDx2td2YBSzeuvATMWGCPokB65gt:V3A1TDmQYBSzeBGMZB65g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8599f2c8ed7675bf28b5b9c50f1eb93_JaffaCakes118

Files

a8599f2c8ed7675bf28b5b9c50f1eb93_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f0fe75fa175937b8937ac1ff544acf74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CallNextHookEx

ntdll

RtlFreeAnsiString

Exports

Exports

getActiveDesktop
getSpecials
getSplit
getWnd

Sections

.text
Size: 20KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE