19a6190bce90fb118b56e75a9629dae4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19a6190bce90fb118b56e75a9629dae4_JaffaCakes118
Size

44KB
MD5

19a6190bce90fb118b56e75a9629dae4
SHA1

1dbe1a956848dfdf920c7c58c7bef29a53bc88b7
SHA256

c2d39cc4054879acacd90f292f52b9131c4ddb9d848823bf360d98b9a468245f
SHA512

aaec06c7d2dc4d6ba4f5883f061b484a84dfe75176dee8047f722370d1c0b865c3a59f5893c6cbbc96a3afaaeb8e4f1c50c88e0784a040c82199caf2eed2fb7d
SSDEEP

768:4+DmDX3jDaD3w9d2BMdpC3nyyWkpfpkavs+9kcgLa1B:tm3jD0gyBMrnyNwyqdLa/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19a6190bce90fb118b56e75a9629dae4_JaffaCakes118

Files

19a6190bce90fb118b56e75a9629dae4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

eea19f7c798c4bbe26eef23e3f85905c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
LoadLibraryA
GetModuleFileNameA
GetProcAddress
GetLastError
CreateMutexA
VirtualAlloc
InterlockedIncrement
CreateProcessA
WinExec
GetSystemDirectoryA
GetWindowsDirectoryA
GetLocalTime

user32

CallNextHookEx
GetMessageA
DispatchMessageA
UnhookWindowsHookEx
FindWindowExA
PostMessageA
CreateWindowExA
ShowWindow
RegisterClassExA
KillTimer
SetTimer
DefWindowProcA
SetWindowsHookExA
TranslateMessage

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
strrchr
_except_handler3
__CxxFrameHandler
??2@YAPAXI@Z
_stricmp
??3@YAXPAX@Z
strchr
sprintf
_initterm
malloc
_adjust_fdiv
fclose
fwrite
fopen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
jJUJurdhf

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ