c0ddb356c983cf90818dd28f3203f1ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0ddb356c983cf90818dd28f3203f1ad_JaffaCakes118
Size

7KB
MD5

c0ddb356c983cf90818dd28f3203f1ad
SHA1

d5e9a903220234aba8f920bda0df47a7d3d5bb4a
SHA256

f8fbe5eedb189b0b3292faf966c6c35833232baa9fadaec06900d92f1dc67fbd
SHA512

25771a275c93440a839ed4751d3eb67ad41e3522bebfb1232cd9355a47715359d735db73a066fe4630e61fb62569642b94d174e1b05d9a1a197279c07109cdce
SSDEEP

96:v0tFaW+RI352GJfNWzaXCa0gvakhuGZFV61AFS6ANcI5kWM:cvaWF35lJFWzaXPtCgvFnAIW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0ddb356c983cf90818dd28f3203f1ad_JaffaCakes118

Files

c0ddb356c983cf90818dd28f3203f1ad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e97d519a2dfe3ed9ebe2c2fc9918378e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
wcscmp
wcsstr
strstr

kernel32

DisableThreadLibraryCalls
VirtualQuery
LoadLibraryExW
GetCurrentProcess
LoadLibraryW
Module32First
lstrcmpiA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
LoadLibraryExA
WriteProcessMemory
CreateToolhelp32Snapshot
Module32Next
CloseHandle
GetCurrentProcessId
VirtualProtect

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

imagehlp

ImageDirectoryEntryToData

Exports

Exports

_AddPID@4
_Prog_HookAllApps@8

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ