b6d1dd5288924a8342156be399ca39c8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6d1dd5288924a8342156be399ca39c8_JaffaCakes118
Size

4KB
MD5

b6d1dd5288924a8342156be399ca39c8
SHA1

d47e48a61ca2b6c782c3e324051a4f66c28bde46
SHA256

abb2fb5b180d64fba2791f12b817432b8b3be62bd51ccbeb4217267359f4ed2e
SHA512

0ff5adf782faa4be42f83122469c96382f153f0407c72f022e6497fecfa06e4580f7aec1ad2e70159477e7ffabdf92ea211a7edc1845facf538559c7c512fb0f
SSDEEP

48:qt9+3fYnnJvGzcgW4yvKif0Oogn9fyc9q:20wnpwcgxpSHo6fyck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6d1dd5288924a8342156be399ca39c8_JaffaCakes118

Files

b6d1dd5288924a8342156be399ca39c8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

86ffb3178138cae5449d1211e6a208a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
lstrcmpA
lstrlenA
GetModuleFileNameA
GetProcAddress
LoadLibraryA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
CharUpperBuffA

Exports

Exports

HookDone
HookInit

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.InjectD
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ