a81267c0626d0354f1179a8b4ac31dce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a81267c0626d0354f1179a8b4ac31dce_JaffaCakes118
Size

11KB
MD5

a81267c0626d0354f1179a8b4ac31dce
SHA1

91a4a3559ecdaff37e32bddf963d28e3f45e6af9
SHA256

936efe1b0779fd880c7e359558ce39bd5e327e6d7b74e6074c4a76b564d3ce2f
SHA512

ac244478133ce4d6dbbeeeca593e217e8a036291eed9318d65410e07c4e01a4f36b199a36504819a9de99e5ffc78f972d37e014f4ca28d929e295b507a67f86e
SSDEEP

192:X6wgq98qmK0ASTFTCyhQUR89A62M3hnW6VW3Zz1im90wsmtLoH:sC8u0tFTCyhQURGA/qFW6VWZMm909mpo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a81267c0626d0354f1179a8b4ac31dce_JaffaCakes118

Files

a81267c0626d0354f1179a8b4ac31dce_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9e6f42c96ba23b37638951e606eb2d21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UnhookWindowsHookEx

ntdll

RtlFreeAnsiString

Exports

Exports

getSpot

Sections

.text
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE