07159a384f16c17e67040d9396aeb942_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07159a384f16c17e67040d9396aeb942_JaffaCakes118
Size

79KB
MD5

07159a384f16c17e67040d9396aeb942
SHA1

3df228324bfceab48770a8fe950d4bef71f37b6b
SHA256

ae3ac6ce4c70247d780600c653db8bb8f0a8b2574265b17cd7aa0ece58ca1190
SHA512

f00243323879b4912df15e3b81af075e146e40d88d690264b028ca917288f9b2c5fd91d371808adb3d78da3e27e60a309f160d463f763592ab195b89ae234275
SSDEEP

1536:BfQAl+7ovOrdM3kvB8eJNmeG70c3ANFjxkWZh6yGNPp9faBfI+Y/:dQAl+prdM3kvBlJNmJ4c3QFjxdZcyEPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07159a384f16c17e67040d9396aeb942_JaffaCakes118

Files

07159a384f16c17e67040d9396aeb942_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE