29a8de41bfa2f497b29d9f335c9adbfc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a8de41bfa2f497b29d9f335c9adbfc_JaffaCakes118
Size

44KB
MD5

29a8de41bfa2f497b29d9f335c9adbfc
SHA1

4cab815de1c97a72c8b79b660eaeb27373569074
SHA256

676c8726de79541dc0faf21b0ca1dc734682f653ded98bce9755deaa5cd8331a
SHA512

0988bd967c85cccf490cbe12e7452ecae9f6585edff095a18f9c1a4422281a3a3a8ee76d213ed8fc970910e1afcd53822998c1f4edf164fccd1b6a9f4be59372
SSDEEP

768:+k62g0oH5t0jIypkavDc57mmoEd0gLa1M:+k6z5tuIhLllVLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a8de41bfa2f497b29d9f335c9adbfc_JaffaCakes118

Files

29a8de41bfa2f497b29d9f335c9adbfc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1a3f119edd8661ccccc281aca09c8159

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
InterlockedIncrement
WinExec
CreateMutexA
GetSystemDirectoryA
CreateThread
VirtualAlloc
CreateProcessA
GetLastError
CloseHandle
GetProcAddress
GetLocalTime
LoadLibraryA
GetWindowsDirectoryA

user32

SetWindowsHookExA
FindWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
CallNextHookEx
CreateWindowExA
ShowWindow
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
UnhookWindowsHookEx
PostMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
_except_handler3
strchr
fopen
fwrite
_stricmp
fclose
strrchr
??3@YAXPAX@Z
_initterm
malloc
_adjust_fdiv
sprintf
__CxxFrameHandler
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
irUArJjqQ

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ