f475f2dc652da931c453d4d6f0b86fba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f475f2dc652da931c453d4d6f0b86fba_JaffaCakes118
Size

44KB
MD5

f475f2dc652da931c453d4d6f0b86fba
SHA1

b2d79ef77f1944be0e4fdf9e862f0ed76c8e2e69
SHA256

6847f8d05a3606527bca3025228afe0fa60471198302f6cb066b46091ce33d4d
SHA512

d7e044c74cb5c7629ceac970564d9ae2bdfbe4a87bc6067bc30ed84686242f3fdd770dc58cb0def16b6218a0f1c362a08baacb8791f00b81121f95aaa445aa55
SSDEEP

768:m9Le5/gurZLCqW64zTsJGppkav94PgLa1lao4Y:m90CqCgBoLa3anY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f475f2dc652da931c453d4d6f0b86fba_JaffaCakes118

Files

f475f2dc652da931c453d4d6f0b86fba_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b0b5f64ddbe73bedd0a1c3942d555475

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
InterlockedIncrement
GetProcAddress
LoadLibraryA
CreateProcessA
GetSystemDirectoryA
CreateThread
VirtualAlloc
GetWindowsDirectoryA
WinExec
CloseHandle
CreateMutexA
GetLastError
GetLocalTime

user32

KillTimer
SetTimer
UnhookWindowsHookEx
SetWindowsHookExA
FindWindowExA
PostMessageA
RegisterClassExA
CallNextHookEx
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
_except_handler3
__CxxFrameHandler
strrchr
??2@YAPAXI@Z
_stricmp
??3@YAXPAX@Z
strchr
sprintf
_initterm
malloc
_adjust_fdiv
fclose
fwrite
fopen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ