a7e06b88dd70eeda3203a0cd0c393172_JaffaCakes118 | Triage

Sharing

General

Target

a7e06b88dd70eeda3203a0cd0c393172_JaffaCakes118
Size

5KB
MD5

a7e06b88dd70eeda3203a0cd0c393172
SHA1

3bce55f672ea3495bd08f6a87837b05a0ae3dd3a
SHA256

504ed4cedabda0d757eaae98ee555bd5f430bec560fc4757a679f2be037b4114
SHA512

791a9791c6f97f025a03623e48b2ffbcde661e191534da2c1d0d8259543d31a505562dccc5a61cf4ac7d89760a27c8dd17b81fcdff481d538e8e35c4f16eb5e4
SSDEEP

48:iwcVFqXndUsun0PHf1Trotxsg97U5ggEelW8CX2w34C2L5WuZWblz8NGFe:6aXdxi0/fYxsgbgEpGdCqWWWV8NGI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7e06b88dd70eeda3203a0cd0c393172_JaffaCakes118

Files

a7e06b88dd70eeda3203a0cd0c393172_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9b833b30abea2cacdf4548cea4e6c4a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetWindowTextA
GetActiveWindow
CallNextHookEx

kernel32

lstrcatA
RtlZeroMemory
lstrlenA
CloseHandle
CreateFileA
GetDateFormatA
GetTimeFormatA
IsDBCSLeadByte
_lwrite
SetFilePointer
lstrcpyA

imm32

ImmGetContext
ImmGetCompositionStringA

shell32

SHGetSpecialFolderPathA

Exports

Exports

InstallHook
UninstallHook

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 552B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ