0b25974451aae666557b5e09633c5634_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b25974451aae666557b5e09633c5634_JaffaCakes118
Size

57KB
MD5

0b25974451aae666557b5e09633c5634
SHA1

853a85a0dd80fe0cc1b6ef5c303dec8f20889ffc
SHA256

9b7a6e9f36a2693790a59dd732c2199057f963fc7fdcea6cd021f1e4ef61fae7
SHA512

57d880ee5ca9e035a52d57ff90d9408b718ab3e69d2c7bae66207b2b62b9e7cc426c3fe498d258288074aa7d569021066a89be046ac92643bcc07b8b84ae200f
SSDEEP

1536:BfQAl+7ovOGS+sF9p9/8B4qj5jSpuXH38bDw8v8D:dQAl+pGSp9P/8B5f3wM8kD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b25974451aae666557b5e09633c5634_JaffaCakes118

Files

0b25974451aae666557b5e09633c5634_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE