0c27f7ce83bf8d21c313783f1e8578e8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c27f7ce83bf8d21c313783f1e8578e8_JaffaCakes118
Size

49KB
MD5

0c27f7ce83bf8d21c313783f1e8578e8
SHA1

16527136c5061ec4b71576272d9355aeb6a460ec
SHA256

f5f4e9ccc311082ec8a72ff155a455a112d748d9d78ff871865298ae318adc5e
SHA512

74ccef82325797487e012699138526899ace767b0f6c71f2f5718c148d925d8e09e5967bcb650662c9e533c6a204e34c41333148d4c2c52192b4ab5820018c20
SSDEEP

1536:BfQAl+7ovOlMxR5q7QWkOhjrV2l11ySpWFz:dQAl+plMxPyfVyDySAz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c27f7ce83bf8d21c313783f1e8578e8_JaffaCakes118

Files

0c27f7ce83bf8d21c313783f1e8578e8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE