0c0afab4a67a84de1aeca495a0e530bf_JaffaCakes118 | Triage

Sharing

General

Target

0c0afab4a67a84de1aeca495a0e530bf_JaffaCakes118
Size

40KB
MD5

0c0afab4a67a84de1aeca495a0e530bf
SHA1

b0432efd859a23ac82557edb020c32b18cc5b7be
SHA256

1fdd467ed82f3d349691435ae5963d4cf5920fa8aa01684fad8db78c3ab56be5
SHA512

a1c7b8bb7c5f7b455a32308a0e238489945c8a556e68a9cd0154e6512be9e66841e34180465f5c19c9d8fe95624a8f5d5c1ac529cfe7225102fb4f0b485b51d3
SSDEEP

768:QtFau1c2p2hiyFgOAWQfzj8yzgfZnJ1t+9VdFOobCs6WhEGXJF:Qt0u228hiDNfzqfm9hjDBF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c0afab4a67a84de1aeca495a0e530bf_JaffaCakes118

Files

0c0afab4a67a84de1aeca495a0e530bf_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7532ea37852e18aebc473b20cc73ed11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindAtomA
VirtualFree
GetModuleHandleA
AddAtomA
GetProcAddress
FindResourceA
VirtualAlloc
SizeofResource
LoadResource
LockResource
FreeResource

user32

TranslateMDISysAccel
UnionRect
WindowFromPoint
WaitForInputIdle
wvsprintfA
ValidateRgn
WaitMessage
UnregisterHotKey
UnloadKeyboardLayout

advapi32

CryptHashData
CryptExportKey
RegQueryValueA
CryptSetHashParam
CryptAcquireContextA
RegQueryMultipleValuesA
RegEnumKeyA
RegCloseKey
CryptSignHashA

Exports

Exports

iomdvqahg
oeojnpnyh

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 970B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ