db7025277ddb50654eb2842a94b3e09e_JaffaCakes118 | Triage

Sharing

General

Target

db7025277ddb50654eb2842a94b3e09e_JaffaCakes118
Size

20KB
MD5

db7025277ddb50654eb2842a94b3e09e
SHA1

610f65c186b63b87691dbfd1fb76b85e8b3899c3
SHA256

dc6950ffd662560b30149d687f9ac9a9a8d599ee08d991b80e51dd43743cbfd5
SHA512

acb1234f146875f1171ce0b1fed512229e74dffb5488f44297116f9aca6ede937ddc3aaa066c87f2097ef05e5942f2aeed997553e9757b26ebdbaa49ef23959d
SSDEEP

48:qWyjGPCJHHoG+cVnugyC/nQBeTgXowDAL9chVmVQSXyrNjC/YqkhGgM0rgi4:Zy/oanu5CP8e04D5YYVX1nk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db7025277ddb50654eb2842a94b3e09e_JaffaCakes118

Files

db7025277ddb50654eb2842a94b3e09e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d3a169c7a397e868084f8079460c0a23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcatA
GetSystemDirectoryA
SetFileAttributesA
_lclose
_lcreat
_lopen
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetTimeFormatA
GetDateFormatA

user32

SetWindowsHookExA
GetKeyNameTextA
GetKeyboardState
ToAscii
CallNextHookEx
SendMessageA
GetForegroundWindow

msvcrt

strcmp
_strupr
strtok
strstr
fopen
fgets
strcspn
??2@YAPAXI@Z
fclose

Exports

Exports

SetHooks
UnHook

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ