00f88388a70c22c385ea39e08bf76bf0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00f88388a70c22c385ea39e08bf76bf0_JaffaCakes118
Size

8KB
MD5

00f88388a70c22c385ea39e08bf76bf0
SHA1

af08f26cc5049fbb59fc0dce013fa9e6a2acfee1
SHA256

e42be3ef45b31e93ccb67115791ad1750ae9d33a3e8a2e6758e73c74ea18847c
SHA512

aa08a196529bfe66d9fa7d7a8b993d2eac22a8a99196a0635033d136f0fc02859e8629717e65d2b1bc9ad5646ddb02673c35da5e006780305f239fbcc605fa41
SSDEEP

96:hw7qUqcnU+Oo4CMSa952WLju+R//sYBOkNyvkMJofOqKdtryxhosUGENj9Rw:hz4jOoZIlBpcvkMUnioo8E19Rw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00f88388a70c22c385ea39e08bf76bf0_JaffaCakes118

Files

00f88388a70c22c385ea39e08bf76bf0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4019e2255b67dd4fdf88e8ccf7b53913

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetSystemInfo
GetProcAddress
WriteProcessMemory
GetCurrentProcess
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
WideCharToMultiByte
GetTickCount
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

user32

GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetKeyState
GetWindowLongA
CallNextHookEx
GetKeyboardState
ToAsciiEx
GetFocus
PostMessageA
IsWindow
GetKeyboardLayout

msvcrt

free
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit

Exports

Exports

DLL_GetProjectVersion
EnableAltInterception
EnableDiaryTracking
EnableNTInvisible
EnablePreHandle
EnableSpecialKeysLogging
SetHook

Sections

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ