fbbe264151de24c024a93ba4eef85b57_JaffaCakes118 | Triage

Sharing

General

Target

fbbe264151de24c024a93ba4eef85b57_JaffaCakes118
Size

44KB
MD5

fbbe264151de24c024a93ba4eef85b57
SHA1

80d5350e860a5587dbdbc5a103d0a8d6c01a4be6
SHA256

cce9eaf6c82e7fba2a3347d6c0c73b8fa8d6f3cc28ccbf1cbc301357486b757e
SHA512

a598f4a820d297d301bc495e2b75a850bb242674720b351822c1b2a6ffe8fb6f99972e14b763abbd0cc9d3273b4abe87dc4e0df745f58911ed9ec609e3060da9
SSDEEP

768:XeOYyYUej6Sy390JdLpkavaBOr7jeTIVgLa1dxE2Ef:uoi2Zt0Jdu1dTICLaDOBf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbbe264151de24c024a93ba4eef85b57_JaffaCakes118

Files

fbbe264151de24c024a93ba4eef85b57_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6a3b0e3b0e0ae8f1ed9c140afcaea6f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
WinExec
GetWindowsDirectoryA
GetSystemDirectoryA
CreateThread
GetModuleFileNameA
CreateProcessA
VirtualAlloc
CreateMutexA
GetLastError
GetProcAddress
CloseHandle
LoadLibraryA
GetLocalTime

user32

UnhookWindowsHookEx
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
PostMessageA
CallNextHookEx
KillTimer
SetTimer
DefWindowProcA
SetWindowsHookExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
_except_handler3
strchr
fopen
fwrite
_stricmp
fclose
strrchr
__CxxFrameHandler
_initterm
malloc
_adjust_fdiv
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ