e281674ce3c3cda69dab5a67d8ca946c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e281674ce3c3cda69dab5a67d8ca946c_JaffaCakes118
Size

6KB
MD5

e281674ce3c3cda69dab5a67d8ca946c
SHA1

ab8bdb0356d16d9a65b645b49541e657e9b868df
SHA256

c7a62aa376d105363dcccc6799e2526c8f7726c1469454b0f2fe924ee4369863
SHA512

1671a4233d4a55e0a9af3fe753433d51cae5a2caa1f5d08c36eef1cd040892e4a6e5591bd85d1b6aacf7b602ea1f35a8a80dba12437102f039b2b0260e37048d
SSDEEP

96:MGrZO1vgRHs+3y6+kWaxl8+7xp4hBXUq/pXj+aCtoKF/T:lrZO1YRHs+b+kWaQaoBXUq94FF/T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e281674ce3c3cda69dab5a67d8ca946c_JaffaCakes118

Files

e281674ce3c3cda69dab5a67d8ca946c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c15e65316d24ddfb05492e0a8e10f055

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
WriteFile
lstrlenA
SetFilePointer
CreateFileA
lstrcpyA
SetEndOfFile
IsBadStringPtrA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
TerminateProcess
GetLocalTime
CloseHandle

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
MessageBeep
GetForegroundWindow
GetWindowTextA
GetKeyboardLayout
GetKeyboardState
ToAscii
wsprintfA

advapi32

GetUserNameA

Exports

Exports

InstallKeyboardHook
KeyboardProc
SetOptions
UnInstallKeyboardHook

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.as_prot
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ