008567f28db5835c3f8ce9c2ff18dee0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

008567f28db5835c3f8ce9c2ff18dee0_JaffaCakes118
Size

36KB
MD5

008567f28db5835c3f8ce9c2ff18dee0
SHA1

1645e92209303f66573cc2d208423267d555e208
SHA256

65d6fe0f9dbf770a18bfd874a6935c8eb7afeefe42b78020c9946049221bd131
SHA512

97741780e41ed78a01d315222f76a055a5ee12ba3239b1c93654605b183b36a677cbfa23cd4caa6b705cc386b6d654ce069bcccb14a02dcd8a90b6cf042edb1d
SSDEEP

384:vVwdONyntrc/9JLTgBSQE8XTdWG6KRQjPzWNpC:vVwdznO/9JLTnQE8XZp6KRQjP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
008567f28db5835c3f8ce9c2ff18dee0_JaffaCakes118

Files

008567f28db5835c3f8ce9c2ff18dee0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

845191b61415d9344ede8ae932fc3767

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
InterlockedIncrement
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA
DeleteFileA
GetLocalTime
LoadLibraryA
WritePrivateProfileStringA
GetProcAddress

user32

DefWindowProcA
PostMessageA
KillTimer
SetTimer
CallNextHookEx
FindWindowExA
CreateWindowExA
ShowWindow
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

msvcrt

rand
_strlwr
_adjust_fdiv
malloc
_initterm
free
strrchr
??2@YAPAXI@Z
strchr
fopen
??3@YAXPAX@Z
strstr
_access
sprintf
_stricmp
__CxxFrameHandler
fclose
fwrite

Exports

Exports

CRZZr
DllRegisterServer
DllUnregisterServer
FOtwIxk
QCdGwUeJzUoThNc

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ