331f766e5c65411c6a768c4734595710_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

331f766e5c65411c6a768c4734595710_JaffaCakes118
Size

15KB
MD5

331f766e5c65411c6a768c4734595710
SHA1

35e723da48a00d617348f72bd87204b90a224770
SHA256

306bfcd4f4d08b5111b6433568ee2fc368deabc6516de5bd8a8db1789dd73c99
SHA512

34275204c703f738401f194bed8f89a844b7f1e359fcec4bdcbc94bd8faf56e3684ddb588e259bd3d4829a69e80c5fb8a984ee250aac2f6eea440a79fe146e83
SSDEEP

384:D9SWffq2Pe/8iepyu+LVTpWD6cQy7ILI:D9NHqkevepoL5Ncl7ILI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
331f766e5c65411c6a768c4734595710_JaffaCakes118

Files

331f766e5c65411c6a768c4734595710_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b2c5c4d704be8b1739747aeaa98acd35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord5307

msvcrt

??1type_info@@UAE@XZ

user32

CallNextHookEx

advapi32

RegQueryValueExA

ole32

CoInitialize

oleaut32

VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

?DelHook@@YGHXZ
?SetHook@@YGHXZ

Sections

.text
Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE