eaadade42bbb8850af0ba967a0effac9_JaffaCakes118 | Triage

Sharing

General

Target

eaadade42bbb8850af0ba967a0effac9_JaffaCakes118
Size

4KB
MD5

eaadade42bbb8850af0ba967a0effac9
SHA1

671d0e8fcd8dbf48d8b97ba0e382c0ed4dffbabe
SHA256

8f64026255dc2c054199a5f1842d46bdbae78351556f0a02ae98b60771b9190c
SHA512

1e37987cb8bf7d6d186b9abd58facf0802228087661bd753595eb753a3813f151b18284cf8baba935802a93ce47821b76946ec08a60f95a821fd81ea7aed041d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eaadade42bbb8850af0ba967a0effac9_JaffaCakes118

Files

eaadade42bbb8850af0ba967a0effac9_JaffaCakes118
.dll windows:1 windows x86 arch:x86

66c7088e58a2201e244aee2ccbc7de4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetCommandLineA
GetModuleFileNameA
GetProcAddress
GetShortPathNameA
LoadLibraryA
RtlZeroMemory
WinExec
lstrcatA
lstrcpyA

advapi32

CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE