af4326a619a9ede7a233101f98465372_JaffaCakes118 | Triage

Sharing

General

Target

af4326a619a9ede7a233101f98465372_JaffaCakes118
Size

4KB
MD5

af4326a619a9ede7a233101f98465372
SHA1

023a5240983f8aeb089832ce7924afc981e45f6b
SHA256

ebd675d9946ef40a00f206edce245bb304e17706674647f2ac959b67a7896d1e
SHA512

0880aaddd098dd27b6e033cc2ac5ba4eac620012f23f9de35bca1ff3d84bf3035ba0188e58f05d502e75e73e4c9cda58bbcbc6b929c9223d0cc317d78da0ba99

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af4326a619a9ede7a233101f98465372_JaffaCakes118

Files

af4326a619a9ede7a233101f98465372_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f4c390e9a9fbed71e05bfcef1006d1f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

kernel32

GetLastError
lstrcmpiW
WriteProcessMemory
Sleep
ReadProcessMemory
CloseHandle
CreateMutexA
CreateThread
GetModuleHandleA
GetProcAddress
MultiByteToWideChar

Sections

.text
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 517B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ