35a473948f81dac910442f3c3f6ea6c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35a473948f81dac910442f3c3f6ea6c1_JaffaCakes118
Size

24KB
MD5

35a473948f81dac910442f3c3f6ea6c1
SHA1

0454dbecfdacebfe55ca140886e1eb365452884f
SHA256

d0bca6cd099731925a33f8a8465896e68daf070e4bb6b7f264990bbfa67c1132
SHA512

7713b47c7b6d54a2232100d99451d8767a38bd7171e53c826f96f9ab4f507cf4fcd00f5b506ea4aa8885f136b53b0cdcf0b117ab615fef70edd8e190e9432cb0
SSDEEP

96:TIoIIyDA4o56PEJu1Uoo5/y54zLVOnmSCjpoSs2BPIke4UPvC6y2:JIIyDAT56s6Uoeq5sREmSWpvP44UT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35a473948f81dac910442f3c3f6ea6c1_JaffaCakes118

Files

35a473948f81dac910442f3c3f6ea6c1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c87cad7df5903fd37c32be6790c882e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetModuleHandleA
lstrcatA
lstrcpyA
GetFileAttributesA
lstrlenA
lstrcpynA
LoadLibraryA
lstrcmpiA
GetModuleFileNameA
FreeLibrary
GetVersionExA
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
DebugBreak
DeleteCriticalSection
GetDriveTypeA
InitializeCriticalSection

user32

CallNextHookEx

advapi32

RegFlushKey
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 381B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ