047c6f4e28b7e4f9ac3c565fd85a0a6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

047c6f4e28b7e4f9ac3c565fd85a0a6a_JaffaCakes118
Size

16KB
MD5

047c6f4e28b7e4f9ac3c565fd85a0a6a
SHA1

7dad86859c71ac03050e1335302978d56cb7e38b
SHA256

c08b8723566a3adee5272832deaf76c624fa4a58188a3d256ddf97d31cd020f0
SHA512

547bcfa23f52965dd70b779f2e483724d2998b160a3bcc067be2eba014a5f1a864aaa901eba4954c607438bf2ac1ec95a4e7a05d9ea26c1e27f08fd27bbc2985
SSDEEP

192:jQjXKfojR39ESL1kb28+y+hRGYoVd5w9bgLsUkTR1cmdIZC0HbXo6:jZfQ3LWqhEYoVd29bgLsbTTiZC0B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
047c6f4e28b7e4f9ac3c565fd85a0a6a_JaffaCakes118

Files

047c6f4e28b7e4f9ac3c565fd85a0a6a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

edd72671c9619443ef1a82f6558edc92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
CallNextHookEx
wsprintfA

kernel32

LoadLibraryA
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
GetCurrentProcess
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
Module32First
Module32Next
MultiByteToWideChar
Process32First
Process32Next
ReadFile
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ