d6f38b70e5e8f9c47b3d67a0f532a08e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6f38b70e5e8f9c47b3d67a0f532a08e_JaffaCakes118
Size

28KB
MD5

d6f38b70e5e8f9c47b3d67a0f532a08e
SHA1

f94bbc6ed0ea1d96bc0b2695891b8e38c147fe9c
SHA256

09f357e017cb3d6abca4b0d27297242dc9a611bf82e618341c57a9f1add23536
SHA512

5a4ea6806519c1b0515bb297e81c0f9d16df96973df57aa685df403417987296ed674ee7c4bb0f9e66c07eb55c0b61b3c69b6ec7e65017e55b4eaf96d1b077cc
SSDEEP

96:mG4vj0ixoDeP8c2Pjnu0agnKkvR3HuCDuvUeIwWoApB9QhXFWCzk+Qbw/:fSj0ixoy89LMNkJeCDKJjWo8QhtYJw/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6f38b70e5e8f9c47b3d67a0f532a08e_JaffaCakes118

Files

d6f38b70e5e8f9c47b3d67a0f532a08e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

18f349c6a71c0a5109f4b6d24131ed94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetSystemInfo
SetThreadPriority
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentThread
GetProcAddress
GetCurrentProcessId
WriteProcessMemory
GetCurrentProcess
VirtualProtectEx
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
DisableThreadLibraryCalls
VirtualQuery
LoadLibraryExW

user32

SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx

imagehlp

ImageDirectoryEntryToData

msvcrt

__CxxFrameHandler
__dllonexit
_adjust_fdiv
malloc
_except_handler3
??3@YAXPAX@Z
??2@YAPAXI@Z
_onexit
free
_initterm

Exports

Exports

Hook
Unhook

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ