a8dcbb6b2ec570c7b536a082ac01ef96_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8dcbb6b2ec570c7b536a082ac01ef96_JaffaCakes118
Size

16KB
MD5

a8dcbb6b2ec570c7b536a082ac01ef96
SHA1

63059e1d3859e97c516d67eaebe0e35ae696167f
SHA256

bb285262ef85a75dadbfeadbec095426da0c703816b433ad885e511f7b86a397
SHA512

b2f4d30c71623cda10ac028581e4b6649b39153e78c51461a4800fc1855461b0061c1c046584b00c0b1f181c91b45aa98f172629e3780774eae6a4c6414794fd
SSDEEP

384:HYlrTJ75ufOfmV5ZPaKtWcXj3o2f589ISP:gOfkmV3PZWu39o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8dcbb6b2ec570c7b536a082ac01ef96_JaffaCakes118

Files

a8dcbb6b2ec570c7b536a082ac01ef96_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2a0add4c0b2dd9add90b741584983586

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
CallNextHookEx
wsprintfA

kernel32

Module32First
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
Module32Next
Process32First
Process32Next
ReadFile
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ