bfb316f0913d403a87615fce4bf4c66d_JaffaCakes118 | Triage

Sharing

General

Target

bfb316f0913d403a87615fce4bf4c66d_JaffaCakes118
Size

10KB
MD5

bfb316f0913d403a87615fce4bf4c66d
SHA1

a71ff49decad1d380eec1d28384c71af69928cee
SHA256

aa840e3a7af1632502580988dfabd38db37aff25b46438ba8339bb75ce225f98
SHA512

487cf01acb0f90c87c41d0cf534dcdbceec2c4fe0209446e6384fb7114ee016a8c96013ed07bc82a1fec3f7aef0cf7b2d0dac850bb2a9bcd915c1d2d81c42a41
SSDEEP

96:YTDCxOWTmmDT8LwuLHZ87pcekS8fHY1wcTLJtowEsyBbQ1j8W+avdDrj:1tDT8nLHZ8ietm41wcfJ+8Wi+a5H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfb316f0913d403a87615fce4bf4c66d_JaffaCakes118

Files

bfb316f0913d403a87615fce4bf4c66d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d1108b6d090448f3782bf7ea6cb58c8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbscmp
memcpy
fclose
fwrite
time
localtime
_mbsrchr
_initterm
malloc
_adjust_fdiv
strlen
strftime
_mbsnbcmp
sprintf
strcpy
memset
fopen
free

kernel32

SetFileAttributesA
GetModuleFileNameA
DisableThreadLibraryCalls
WideCharToMultiByte
CloseHandle

user32

SetWindowsHookExA
UnhookWindowsHookEx
GetKeyState
GetAsyncKeyState
GetWindowTextA
CallNextHookEx
GetForegroundWindow

advapi32

CreateProcessAsUserA

Exports

Exports

FlushBuffer
SaveE
SetLOpt
StartL
StopL
WLEventLock
WLEventLogoff
WLEventLogon
WLEventShutdown
WLEventStartScreenSaver
WLEventStartup
WLEventStopScreenSaver
WLEventUnlock

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ