41f41e144bf0b44a16b91ec2dd82d31e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41f41e144bf0b44a16b91ec2dd82d31e_JaffaCakes118
Size

25KB
MD5

41f41e144bf0b44a16b91ec2dd82d31e
SHA1

727de19c2beecef20149eeb8e7b60c3e11ba5152
SHA256

709db9b1064bd84f34f934cfb5d3b71c036404c27f5145fcea406d3472faa629
SHA512

e22eb50cc0a1194c38126c08039710bb8d34915347bdf13747a15d73019083a2c7f8e6f653c067540b41ddf830b7884ceb9f23c70964f6e5441945e280f79905
SSDEEP

768:McQyfUEIzZsjPv2yKof+wY3ErROxNXLlhAe63:Mwf2ds7KofiErROxVLz16

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41f41e144bf0b44a16b91ec2dd82d31e_JaffaCakes118

Files

41f41e144bf0b44a16b91ec2dd82d31e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a5e3d6b5153b089e97fbd11429ecc19a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

RegisterWindowMessageA

Exports

Exports

?StartInject@@YAIPAUHWND__@@0@Z
?StopInject@@YAIPAUHWND__@@@Z

Sections

.text
Size: 20KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE