db7ac34a9c0c0b738265b8fc429e23bc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db7ac34a9c0c0b738265b8fc429e23bc_JaffaCakes118
Size

93KB
MD5

db7ac34a9c0c0b738265b8fc429e23bc
SHA1

0f814ff3a2f14c2a4f36c2359639eb0ef4be5e3d
SHA256

c221776f9cb2378bde57426141766985beb94fb489ff8a8c971d4b1f783a0a4e
SHA512

432f069befc788f0038bfc5a00d25e7028caa7b1ddcb0fa8c3395564c5693ae46b7775a5bce93f7ec47f955af0209453811f9f84166005d66dac5b8242a0070c
SSDEEP

1536:k1BoJAMOCYyoM1sEV7oYHhB8BCjCFqWxaWc0aMx:kGYyoMHVsYBB8BCjeqWsW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db7ac34a9c0c0b738265b8fc429e23bc_JaffaCakes118

Files

db7ac34a9c0c0b738265b8fc429e23bc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3f9fdd87b906f87b29fd09ed4d552a51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

CallNextHookEx

advapi32

InitializeSecurityDescriptor

msvcrt

_initterm

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./0
Size: - Virtual size: 542B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./1
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./2
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ