1528f7cbc58d575aa127fb61d5893ec9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1528f7cbc58d575aa127fb61d5893ec9_JaffaCakes118
Size

124KB
MD5

1528f7cbc58d575aa127fb61d5893ec9
SHA1

e9f8eb28ba574a63d409ca32ea696625142c6993
SHA256

a33ce0a211749787eaf3e5901d058172574638f127b60b585ed2cf44441b9b37
SHA512

06ecf59915ceb1699e288b94145428dc016d1362bc7bb34d2d32d75909e92346c5d49a6138862de784bf5bf748a4df673d90c60d20fbdeb1a0b5da3f4e9a418a
SSDEEP

1536:SozHtp+vrRvR/pWBLfguMtWuPuB5WCHnV0u2HybzJ7XpjNoug3:SOt4vrRZ/pQUuFiuXzHnR2Sb9D9fg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1528f7cbc58d575aa127fb61d5893ec9_JaffaCakes118

Files

1528f7cbc58d575aa127fb61d5893ec9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4becd0c2591599feb1826502943d5504

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
VirtualFree
lstrcpyA
lstrlenA
LoadLibraryA
GetProcAddress

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

msvcrt

??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
strlen
_except_handler3
strcmp
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

ActiveX_
ActiveX_1
ActiveX_2
ActiveX_3
GenHWID
LoadAllDll
PLCloseDevices
PLFindAndOpenDevices
PLSetCurrentDevice
PLSetUvcDevice
ReadExtUnit
ReadReg
ReleaseLogObjects
WriteExtUnit
WriteReg
_declspecs

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ