1425dd1f2f3beb471e3c82a6171e1150_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1425dd1f2f3beb471e3c82a6171e1150_JaffaCakes118
Size

34KB
MD5

1425dd1f2f3beb471e3c82a6171e1150
SHA1

709acd0ba794e8b18b17281f6bb2706812899cb6
SHA256

fd06249a4d75a56576fda1ac0073da888bb305919b4d33030691d59bbf06adc1
SHA512

eef034221f599135075ead5103d9a2b4d36460493951145cdfdfbd6c5e32b03f4c255841a30760714b05a09386d5367255361b3702f43540486ed3b39a45067e
SSDEEP

768:X4VH0lsBZzCGa4XlU/qZocXDFuz7qe330twrlzb:XpyZzc4mqZ72qe3E6r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1425dd1f2f3beb471e3c82a6171e1150_JaffaCakes118

Files

1425dd1f2f3beb471e3c82a6171e1150_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f97ca656ffc2099072d3b3d60eab0ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CallNextHookEx

ntdll

NtClose

Exports

Exports

getActiveDesktop
getSpecials
getSplit
getWnd

Sections

.text
Size: 27KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE