266c38dc825a86fb6bbb00cd95ca7d39_JaffaCakes118 | Triage

Sharing

General

Target

266c38dc825a86fb6bbb00cd95ca7d39_JaffaCakes118
Size

40KB
MD5

266c38dc825a86fb6bbb00cd95ca7d39
SHA1

485ce73e3c4505ba299c63385f2338cfa2a01717
SHA256

860a07d385d150efbda7627c945230fbfe40a437431782f8074702dddd9f9e44
SHA512

9106811e99632cf53e17037d1f4112f9da4ed58889b7ef7e204ccc28c2826f014d36f2d294afaa16a6b6ccaee99143fdceca83d63480ec19b176c1356dfc5b9e
SSDEEP

768:QekA1K24DJI6ngl2BucFVP39QQ5aeroenyT7Fl5p:31iDWgjBuc39QQVoeyfn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
266c38dc825a86fb6bbb00cd95ca7d39_JaffaCakes118

Files

266c38dc825a86fb6bbb00cd95ca7d39_JaffaCakes118
.dll windows:5 windows x86 arch:x86

88e0629ff80df96dbf04e2adb8f52577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
GetModuleHandleA
FindAtomA
GetProcAddress
VirtualAlloc
FreeResource
FindResourceA
SizeofResource
LoadResource
LockResource
AddAtomA

user32

ValidateRgn
VkKeyScanExA
UnloadKeyboardLayout
UnionRect
WaitMessage
WaitForInputIdle
UnpackDDElParam
ValidateRect
TranslateMDISysAccel

advapi32

RegConnectRegistryA
CryptGetUserKey
GetUserNameA
RegReplaceKeyA
CryptSetProvParam
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

Exports

Exports

jzmktiniks
oualbtyzc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ