bf03ebe914f0f51a4e80f4f4b0936a08_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf03ebe914f0f51a4e80f4f4b0936a08_JaffaCakes118
Size

660KB
MD5

bf03ebe914f0f51a4e80f4f4b0936a08
SHA1

ddc08a7639c75d343224bc96e7cc072094cb2dc9
SHA256

5208ea7ca43b294de5b03573dde45ef1ea7ac575930378cc5865ef58d2879a0c
SHA512

78a1d0f257b93a96775b934df3d33126db7a7640d67041ba6e9049f5831a9ef392b94de58a8ea05a5eda0df561c44343ab86bf890c2dc18a040945d30f04336b
SSDEEP

12288:L99999999999999999999999999999999:L999999999999999999999999999999j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf03ebe914f0f51a4e80f4f4b0936a08_JaffaCakes118

Files

bf03ebe914f0f51a4e80f4f4b0936a08_JaffaCakes118
.dll windows:4 windows x86 arch:x86

38b3ff5194d5729f730b69e36fd13b53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextA
GetForegroundWindow
GetClassNameA
wsprintfA

kernel32

lstrlenA
lstrcpynA
CloseHandle
CreateFileA
CreateThread
DisableThreadLibraryCalls
GetCurrentDirectoryA
GetCurrentProcess
GetModuleFileNameA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
IsBadReadPtr
LoadLibraryA
MultiByteToWideChar
ReadFile
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA

advapi32

RegQueryValueExA

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ