073dea5a6d382ead9b34dd6ab43c7eac_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

073dea5a6d382ead9b34dd6ab43c7eac_JaffaCakes118
Size

40KB
MD5

073dea5a6d382ead9b34dd6ab43c7eac
SHA1

9de81a13c1afbefdfe24b0401ddbba2f013d6843
SHA256

95cfc28d51699ccdba34af9f3a2db254b35d6446f904eb073910a82bd915e1c2
SHA512

745376a1ba107b55d22f302a1a03c6a3629eb578f5b28360406e1c70a493c8252f746274cbb7c0a4f36588ac305b30afcef3fb4acd5ae1bd824293c7519c451e
SSDEEP

768:J3QzQb7LOPFbdPAVpkavWPhEWK+U3gLa1sJ:dFbnOL4cfmiUwLaY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
073dea5a6d382ead9b34dd6ab43c7eac_JaffaCakes118

Files

073dea5a6d382ead9b34dd6ab43c7eac_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fa4daad19b4daf169881438ba181b97b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
InterlockedIncrement
GetLastError
WinExec
GetLocalTime
CreateProcessA
LoadLibraryA
GetProcAddress
CloseHandle
VirtualAlloc
CreateThread
CreateMutexA

user32

SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
DefWindowProcA
FindWindowExA
PostMessageA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
CallNextHookEx

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
strrchr
__CxxFrameHandler
strchr
sprintf
_stricmp
fopen
fwrite
fclose
_initterm
malloc
_adjust_fdiv
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ