30727c92974415e6e602b9adcebe9da9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30727c92974415e6e602b9adcebe9da9_JaffaCakes118
Size

38KB
MD5

30727c92974415e6e602b9adcebe9da9
SHA1

b6e04bd40d13ae11be1c90a00506a696c0902871
SHA256

6e1d6501a25d47958bf457867e122518f6a62cf91aca00dc536b27aa97003351
SHA512

ac40551fd16aafdcb6a601cc00614fab46b15dc7e8ec25de4d8212d27dd3ba9d893fa2aa8a56025e15395a1ffdbb1d34bdd0ede3af4d484b8b1b0f4f1102e18d
SSDEEP

768:PVPWTLZzhKjV4YWG65jC03H3pbsq3Y4EfdvM:EplaVPcRppbTQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30727c92974415e6e602b9adcebe9da9_JaffaCakes118

Files

30727c92974415e6e602b9adcebe9da9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2da839be34f62be8b34579fd107c3262

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

psapi

EnumProcessModules

shlwapi

SHSetValueA

user32

TranslateMessage

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi

Exports

Exports

HookProc
RunUI

Sections

.text
Size: 33KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE