28c0964ccc5cc0c3d5e3c1e4948a712e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28c0964ccc5cc0c3d5e3c1e4948a712e_JaffaCakes118
Size

32KB
MD5

28c0964ccc5cc0c3d5e3c1e4948a712e
SHA1

434303638875c486904165d77c2ad96edc333875
SHA256

c810663b08fbb83c7803f005dc61af232beb8f84aaf8ee333a862962b769e308
SHA512

b30835a1fa39a655b871e6a2c99cfffcd531c60aefaef42688d81c9d3b719eed39ccd935dd5d1cc299e4ea283922545f4ac7781801769e64aa4f4f23845b016a
SSDEEP

384:Ez38iEouPFuOF7PMn+0STaHipr/Fhdu+9G7jQswT/oJAB:6fZO7P00TaHipr/Fhdu+87jQsw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28c0964ccc5cc0c3d5e3c1e4948a712e_JaffaCakes118

Files

28c0964ccc5cc0c3d5e3c1e4948a712e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6560aa767c861451dff9bec845e2b48b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetModuleFileNameA
GetLocalTime
InterlockedIncrement
DeleteFileA
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
GetSystemDirectoryA

user32

CallNextHookEx
RegisterClassExA
CreateWindowExA
ShowWindow
FindWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
UnhookWindowsHookEx
KillTimer
SetTimer
PostMessageA
DefWindowProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

_initterm
free
strrchr
strstr
__CxxFrameHandler
_access
??2@YAPAXI@Z
_stricmp
malloc
_adjust_fdiv
_strlwr
fclose
fwrite
fopen
sprintf
strchr
??3@YAXPAX@Z

Exports

Exports

DllRegisterServer
DllUnregisterServer
IOiub
cXr

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ