32961dbd53b6d60fb183e851b1fa9cac_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32961dbd53b6d60fb183e851b1fa9cac_JaffaCakes118
Size

32KB
MD5

32961dbd53b6d60fb183e851b1fa9cac
SHA1

301666d335d86439541d605bc7ea0def3f9d6d84
SHA256

b11ce11a525a6282e0758379e94665ed6c31be33d9de36031c1c849c186900b2
SHA512

dc87fbe227c0000c05580b334618390005444b8eb768de33385dc7cc410f676a2524cd51f88bcc603a0e3ea7d962e29af469b09a72519702d4aa1b7ce399e9d8
SSDEEP

384:4l2uM7zSfFCtbTZpmA1XqaFewVq0WXGEe9:M2u8zW4tfZpmA1XXFNq0WXGV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32961dbd53b6d60fb183e851b1fa9cac_JaffaCakes118

Files

32961dbd53b6d60fb183e851b1fa9cac_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f7ed1fdae0aacf53663c8aea8bd8af73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
CloseHandle
GetSystemDirectoryA
DeleteFileA
GetWindowsDirectoryA
InterlockedIncrement
GetModuleFileNameA
GetProcAddress
LoadLibraryA

user32

GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
ShowWindow
KillTimer
SetTimer
UnhookWindowsHookEx
RegisterClassExA
CallNextHookEx
FindWindowExA
PostMessageA
DefWindowProcA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

_initterm
free
_access
strstr
__CxxFrameHandler
??2@YAPAXI@Z
strchr
_strlwr
malloc
_adjust_fdiv
_stricmp
sprintf
strrchr
??3@YAXPAX@Z
fclose
fwrite
fopen

Exports

Exports

BsCvJZGVLpXzGEzwPe
DllRegisterServer
DllUnregisterServer
mtYuRWNxiLqtwsBD

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ