22969a8813b6a5ed1eaa511b4b1454c6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22969a8813b6a5ed1eaa511b4b1454c6_JaffaCakes118
Size

32KB
MD5

22969a8813b6a5ed1eaa511b4b1454c6
SHA1

fe23c43cd77970b191c14568bb58157fbba427bb
SHA256

723770b2867381f5d7a344cb1422e7db148e0d48d8ad63fb07f7348d23bba03b
SHA512

2850381444ab538680cbd705ea5eacb193e5c479b88a1b117f890bd21f45e538ce8ff9859a9c200b9496ad835840fc115277928b87f61c6078719f062f41ac50
SSDEEP

768:E8ZfkeN+13Kt7bAdbF+yHSk7mbKDNSilq0KoxBD+3bq0d:E4fkg04gdbFrHSk7mbcXkoxKbbd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22969a8813b6a5ed1eaa511b4b1454c6_JaffaCakes118

Files

22969a8813b6a5ed1eaa511b4b1454c6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7268d71721a88c37100ad834b3e9840f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
InterlockedIncrement
GetLocalTime
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA

user32

CallNextHookEx
UnhookWindowsHookEx
KillTimer
SetTimer
CreateWindowExA
ShowWindow
RegisterClassExA
FindWindowExA
PostMessageA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

_initterm
free
strrchr
strchr
fopen
fwrite
fclose
_stricmp
malloc
_adjust_fdiv
_strlwr
??2@YAPAXI@Z
sprintf
??3@YAXPAX@Z
strstr
_access
__CxxFrameHandler

Exports

Exports

DllRegisterServer
DllUnregisterServer
VkTEHgXkFCZSULB
oVwQvjrAWKsgzPcP
xVUdpDOhu

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ