296a7749f4801cf075d2b8ed28fa3f97_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

296a7749f4801cf075d2b8ed28fa3f97_JaffaCakes118
Size

5KB
MD5

296a7749f4801cf075d2b8ed28fa3f97
SHA1

4d0aa1059930c3a26e58abc51f395d84ba6f74d4
SHA256

d99665312254e854de73beb180fc3e5efb3500dd34d1147d6bcd5621849ac515
SHA512

7a44a9baeb44254af41e5126abc1b88913d322415e8e93a888dacdbfa6217f3b21cacbbe726f81da1e119fbe8fa6961f942ab8a8362f89eff3f341a12e694ac0
SSDEEP

48:6rM7V0dE2sz1NIkfGsRDLookUZ+tTNf433I:6GevbkusRDL1mtZf433I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296a7749f4801cf075d2b8ed28fa3f97_JaffaCakes118

Files

296a7749f4801cf075d2b8ed28fa3f97_JaffaCakes118
.dll windows:4 windows x86 arch:x86

49849948d2ed03fbf446f60e30021204

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\AKL\kh\Release\kh.pdb

Imports

kernel32

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

user32

UnhookWindowsHookEx
MapVirtualKeyA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
PostMessageA
CallNextHookEx
SendMessageA
SetWindowsHookExA
RegisterWindowMessageA

Exports

Exports

AddMonitoredWnd
ClearKeyHook
ClearWndMonHook
RemoveMonitoredWnd
SetKeyHook
SetWndMonHook

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ