d2a971fa096abe6e99c3544bbf934a3e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2a971fa096abe6e99c3544bbf934a3e_JaffaCakes118
Size

34KB
MD5

d2a971fa096abe6e99c3544bbf934a3e
SHA1

ce0aa3b62b1e5afc245f243453f0c6c632dea12e
SHA256

b3ac603825d877eba6d19c76b004c5c7c85e92b884f53620df4ccb6fdd45a66f
SHA512

7d8996cbdee77e957a08b0620db7521156e1cfab1929f200335d46adc43f7b578cf9d33bd52e967341af303dbe18604108561b5e93b2b1d8a75ce76bd58f6bca
SSDEEP

768:dJoChOOWVqV7ezPNCOSyVOgqPAmTLCg7m1Pth6TD:7pWMtezPNCHC9qPAmTe71PID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2a971fa096abe6e99c3544bbf934a3e_JaffaCakes118

Files

d2a971fa096abe6e99c3544bbf934a3e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f97ca656ffc2099072d3b3d60eab0ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CallNextHookEx

ntdll

NtClose

Exports

Exports

getActiveDesktop
getSpecials
getSplit
getWnd

Sections

.text
Size: 28KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE