fda7263e38d8582e1dae22791e56115b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fda7263e38d8582e1dae22791e56115b_JaffaCakes118
Size

16KB
MD5

fda7263e38d8582e1dae22791e56115b
SHA1

a89ade64f203167b862640b05b4d1353ec1e0b72
SHA256

a6e63cebdcdc38c9cb444b05e113979c0f4680dc97310304d348efbcc1c0c438
SHA512

8fc57defaf903c8c442852859c901fbfc28fceaa5156e777e0a142f68ba45a5f795896d2113bc142f22de416e9d1dfb0fbd82b73e126097b5c1b4a817b40ecdb
SSDEEP

192:KMkRlVoM8i2Mr8m3/IznxYcGWdaTx7nzzakkhUiKhaZlaUOMuh:0lGer8cIznxYcGWdaTx7nf9MplaUOM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fda7263e38d8582e1dae22791e56115b_JaffaCakes118

Files

fda7263e38d8582e1dae22791e56115b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fecf5ca3cf3a78d00d88f7ec055237d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
GetForegroundWindow
GetClassNameA
CallNextHookEx
wsprintfA

kernel32

LoadLibraryA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualProtectEx
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
DuplicateHandle
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
Module32First
Module32Next
OpenProcess
Process32First
Process32Next
ReadFile
ReadProcessMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ