ded6fea5eaca0173113d7bb8a652e945_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ded6fea5eaca0173113d7bb8a652e945_JaffaCakes118
Size

610KB
MD5

ded6fea5eaca0173113d7bb8a652e945
SHA1

290eb2ff7adf030d4e985de26a89d15c48684eff
SHA256

08288a94a7ba651f829746537b998291e1401ae1eea66bf3ce660ad76ad32e13
SHA512

5fbf12cc35cc57d01efe41bbc6ff3e5071fd688a7be1db63b556f6cdd41f809af289f7c5158ff1b696fe67c71f65d334db14d1dcdd95baf387c5668ce963a618
SSDEEP

12288:UBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmBh/:UBhmBhmBhmBhmBhmBhmBhmBhmBhmBhmr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ded6fea5eaca0173113d7bb8a652e945_JaffaCakes118

Files

ded6fea5eaca0173113d7bb8a652e945_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f3f6d532b71d996e99c99b7670cdc6bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetMessageA
wsprintfA

kernel32

CloseHandle
CreateFileA
CreateThread
DisableThreadLibraryCalls
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
LoadLibraryA
ReadFile
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

advapi32

RegQueryValueExA

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 999B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ