07218bef5ae2221c212d7543bbadb795_JaffaCakes118 | Triage

Sharing

General

Target

07218bef5ae2221c212d7543bbadb795_JaffaCakes118
Size

65KB
MD5

07218bef5ae2221c212d7543bbadb795
SHA1

08e5393842f313e01b1eeb189267027669aeb62c
SHA256

3c9ea0bc8215ea9896ae135262f29473b07f9dd014ebda9b25bca023aeac192f
SHA512

3bce31577a07c4a10e6f56f1f383bd6f6c98a8a709a52e700d1d691ae2aad2eeb6e1ac39fdb47a358e63c5fac60a33fbea9408de6756960c19420bb26c99d8a4
SSDEEP

1536:BfQAl+7ovOLBBP5+gZD290K1gB7I8LGcwlpNuZgZ/QHMgM:dQAl+pLboGFeVhNqgZI8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07218bef5ae2221c212d7543bbadb795_JaffaCakes118

Files

07218bef5ae2221c212d7543bbadb795_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE