1ba18e9353522e6dea2fe22240deaeda_JaffaCakes118 | Triage

Sharing

General

Target

1ba18e9353522e6dea2fe22240deaeda_JaffaCakes118
Size

24KB
MD5

1ba18e9353522e6dea2fe22240deaeda
SHA1

0e449c8d601e325338b1d6c045a72110809d70d9
SHA256

c6f709684e81a7c53f1ccd3e00034dc8f49d774d9b452979bec5d47cd450d971
SHA512

4b0b87e8d652ae634d7975258312d08555862103c80a6e1cbace31e47de2102c96e2fa036aef320b6a2e17d8be415b3fe64b0f5978abb33b90fa2074a99d9cd7
SSDEEP

192:EwOVXb3zH3vks5LEu5o25Wn1h8emAgMRBaQUNlWiAYxl:FOpfHcs5Lq2Iz8mgABaQUNlLD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ba18e9353522e6dea2fe22240deaeda_JaffaCakes118

Files

1ba18e9353522e6dea2fe22240deaeda_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7324e0be606b23066051f22f9d519593

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
send
closesocket
recv
connect
htons
socket
gethostbyname
ioctlsocket

kernel32

GetCommandLineA
GetModuleFileNameA
GetSystemInfo
GetVersionExA
CloseHandle
UnmapViewOfFile
CreateThread
Sleep
GetPrivateProfileStringA

user32

CallNextHookEx

msvcrt

malloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
fopen
fseek
ftell
fgets
fclose
__CxxFrameHandler
??3@YAXPAX@Z
sprintf
free

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MyCallCBTProc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ