35198a303eb495537f94851aa50662db_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35198a303eb495537f94851aa50662db_JaffaCakes118
Size

366KB
MD5

35198a303eb495537f94851aa50662db
SHA1

001e541bf5d04731942a9df542d20f015c1eb3d9
SHA256

c97c26d01f08f0423c6e074d4852df2692b9976c80a3e0a3b70ff5a694893555
SHA512

847407f417c5b4395d47fc2f12a01b22a15fb196d24f3b813b2779e35f01986a3029fab90f1b30da33e99b47bce1f21433a4d107f509bc30869009455b7c3fb4
SSDEEP

6144:J0aE4Ea8EOO05S+ze+rW+rz8/OmsfXHFpDAnsfXHFpDAGvy:Dj/OO01WwwOmsfXHFhAnsfXHFhAGv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35198a303eb495537f94851aa50662db_JaffaCakes118

Files

35198a303eb495537f94851aa50662db_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

cdgn
close
dgnk
dhnc
ggfx
hmxg
hqdl
up
yjxg
zjld
��ܵ�
��½
��ļ��ӳ��
��
д��ļ��ӳ��

Sections

.text
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ