031f6be22d9ea286b04ec37b68e07997_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

031f6be22d9ea286b04ec37b68e07997_JaffaCakes118
Size

58KB
MD5

031f6be22d9ea286b04ec37b68e07997
SHA1

f97da999719a3496807e4782bf6ed1aeb59a6255
SHA256

cc13e4f7deb4dff6bb1c06f2c57b1ad8a63aa594bbacd0dd96f02dd28b810973
SHA512

a6890663c349caa867da991ad37c015ed00f3c579acfd745a1f815fd00fbfb1768da99b96dbab3eccf30e29793037a5c637e7be54045bdc9b494e0bf11abb919
SSDEEP

1536:BfQAl+7ovO0pJ7PwsKsfUV9NVcA94qZ0L1p3:dQAl+p0rwspfOXVn4i0L1h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
031f6be22d9ea286b04ec37b68e07997_JaffaCakes118

Files

031f6be22d9ea286b04ec37b68e07997_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE