faa527cb79479b69a0fc3b9b0935c647_JaffaCakes118 | Triage

Sharing

General

Target

faa527cb79479b69a0fc3b9b0935c647_JaffaCakes118
Size

42KB
MD5

faa527cb79479b69a0fc3b9b0935c647
SHA1

d587572739c8a5fc2ac589d52e7504acbf5e7854
SHA256

04690449bf0ce44f9a41e9bf3f8cd7e65645df48490523f6d01c65bc0faad957
SHA512

e5452fd35d15cd8ae98a2c4787c1998836a30bea756f58080e89b9dd240324fc6f37f95ad5d1634a3395960ba7f0985832a3c3790397dd98d41aba11cd02b0e3
SSDEEP

768:0p8NF1w8mn5/Wz75/I6z601Z9xbF99WSvAt6H3yY3ebp4RtnMA/iw8xN:0QU4t/Rzv7VWfA/9/iRx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faa527cb79479b69a0fc3b9b0935c647_JaffaCakes118

Files

faa527cb79479b69a0fc3b9b0935c647_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetHookMsgString
StartCBTHook
StopCBTHook

Sections

CODE
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ