1aff8031a6d52a5a81629ea7f93c5c50_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1aff8031a6d52a5a81629ea7f93c5c50_JaffaCakes118
Size

64KB
MD5

1aff8031a6d52a5a81629ea7f93c5c50
SHA1

3c31f45748427e38c2eaa50cbe479ef1b37126f8
SHA256

43e82a5589da3a2b965ba2e5d8d10a926f9ce28294ce0490fcde4882d0299abd
SHA512

6a46b3f11814bd55d618b1cb3912e43f87a17d781619d8e66a758b94987ba65633992f0e87543a0c75b07decb42bffa8a3723fafd94ffe4f6aaf63a5c9d6f79c
SSDEEP

1536:BfQAl+7ovOSyd96MYD7ZId4KxQ8dh2YoHcdKGUS3weR+:dQAl+pSynQzn8wGUSPR+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1aff8031a6d52a5a81629ea7f93c5c50_JaffaCakes118

Files

1aff8031a6d52a5a81629ea7f93c5c50_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE