2d6f3ca486eef58c1215f27c6a4ff75b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d6f3ca486eef58c1215f27c6a4ff75b_JaffaCakes118
Size

8KB
MD5

2d6f3ca486eef58c1215f27c6a4ff75b
SHA1

18b42b68fd54c33a52ee2138423212218e2b6794
SHA256

d3ebfcbb3a900372eeefe792f0f6d0061dbd869727f19a559aee1399b0db8f05
SHA512

e6f06e08887770cd931e92c15b620f9fd580ebfe5a99b8646ba952f55ff095b37b46b5b7b786f8383062cc03f86cf87e9db719ff03fd9091db28fbaaf6f0bf98
SSDEEP

96:wcuBLQ4wNqCMSazNiz91eOdQPIiEuuXLPULrCBB6V4lb0wHzyvkOF51OqKdtr5jp:Q9wD/VaIiIrvBBBF+vkOb1nilo8EB8j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d6f3ca486eef58c1215f27c6a4ff75b_JaffaCakes118

Files

2d6f3ca486eef58c1215f27c6a4ff75b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

def382fce05e627103853ec619735b26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
GetSystemInfo
GetProcAddress
WriteProcessMemory
GetCurrentProcess
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
WideCharToMultiByte
GetTickCount
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetDesktopWindow
CallNextHookEx
GetKeyboardLayout
GetWindowLongA
GetClassNameA
GetKeyState
GetWindowThreadProcessId
ToAsciiEx
GetFocus
PostMessageA
IsWindow
SendMessageA
GetKeyboardState

msvcrt

_onexit
_adjust_fdiv
malloc
_initterm
free
__dllonexit

Exports

Exports

DLL_GetProjectVersion
EnableAltInterception
EnableDiaryTracking
EnableNTInvisible
EnablePreHandle
EnableSpecialKeysLogging
SetHook

Sections

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ