c8fd79782875422d682863e2522704e5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8fd79782875422d682863e2522704e5_JaffaCakes118
Size

8KB
MD5

c8fd79782875422d682863e2522704e5
SHA1

f15554dae45241dc18bfee97a12a463ec3195baa
SHA256

9e6c2a0432c5aae19d4627b4c82e5355e783ea86b90d18181c4b699cd6ba4f97
SHA512

df727e9b1b2163c7cb5c7884ce908bc62cd487929252d4581bb7ce3178a023b1bb640bb243a67063f895b08a0c7c2b656b299f8b94f1cf1bd18bff85804a3e08
SSDEEP

96:QyL1FzCq6vgRuBuh1i2ViBGWJ9DrREW1X:RxrHWJtiW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8fd79782875422d682863e2522704e5_JaffaCakes118

Files

c8fd79782875422d682863e2522704e5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

84afc5dc7b9085e804b475f1270d5f2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\Dev\M_tr0j\Xmrk\new2.0\20080414_xm\passdll_080514\Release\dll1.pdb

Imports

kernel32

GetSystemDirectoryA
IsDBCSLeadByte
CloseHandle
Sleep
SetFilePointer
CreateFileA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
WriteFile

user32

CallNextHookEx
GetForegroundWindow
GetWindowTextA
wsprintfA
MessageBoxA
SetWindowsHookExA

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

msvcrt

free
malloc
_adjust_fdiv
_initterm
fopen
fclose
fwrite

Exports

Exports

SetHook
_SetHook@0

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ