f6b1cb9451ce0920e72140136b20f2c5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6b1cb9451ce0920e72140136b20f2c5_JaffaCakes118
Size

15KB
MD5

f6b1cb9451ce0920e72140136b20f2c5
SHA1

17aca40bf5af2ce1f8c4e0f3d0a87a8abd4c23ac
SHA256

6f1bd1d7cd86ce9d24f3cb5e013ec6674f08b2ece9a4a40a9477f64d1561e8f6
SHA512

de2586c025678ee1915c98e88ea47ec0180431a243cab66118580e4a235018250bfb1fa19323e365acd4aaa31d5e09aa2d5a8ee4f1e66ed717e709ed1f8cd6df
SSDEEP

192:bLKAdYvRKK3yNaInyNBkjUZFWJWwjWjruj:bLxcLprkBWwjWvM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6b1cb9451ce0920e72140136b20f2c5_JaffaCakes118

Files

f6b1cb9451ce0920e72140136b20f2c5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4a193363c02fdeb7560396059057249b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_except_handler3
_initterm
free
__CxxFrameHandler
_strlwr
_itoa

kernel32

GetProcAddress
FreeLibrary
GetLocalTime
CreateThread
LoadLibraryA

user32

CallNextHookEx
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

KBHP
MSHP

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 901B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inidata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ