eaa4c8de942f744cf4de3a61b57d020c_JaffaCakes118 | Triage

Sharing

General

Target

eaa4c8de942f744cf4de3a61b57d020c_JaffaCakes118
Size

9KB
MD5

eaa4c8de942f744cf4de3a61b57d020c
SHA1

0292ff82cf6891b946c02810ef34569419dfcf13
SHA256

a4c6e2f90bb544ecb1d3d47a18639b7fcf3cf4d51a05a604262b10cdae315865
SHA512

5089d5865af98aa3887d48584659cf9b3a649ce304bb88a6ebac6157f3da1e7e8c1c074b968dd562d0d436de01217dcc3b7c2ad67bb38724e6564f4345c4301f
SSDEEP

192:FvQUS6XW84tGV8ovb3+8BujmD+VHX0W8OgwDf6qY:FvZgEtvT+5ZRX78O11

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eaa4c8de942f744cf4de3a61b57d020c_JaffaCakes118

Files

eaa4c8de942f744cf4de3a61b57d020c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8c6b1bec77e5091cab0889d8380ce18e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

RegisterWindowMessageA

msvcrt

??3@YAXPAX@Z

Exports

Exports

?AddHook@@YG_NK@Z
?DelHook@@YG_NXZ
?ScanPwd@@YG_NQAUHWND__@@0@Z

Sections

pec1
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE