3f46bc8fa49eeed23598bf203665a8b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f46bc8fa49eeed23598bf203665a8b2_JaffaCakes118
Size

9KB
MD5

3f46bc8fa49eeed23598bf203665a8b2
SHA1

f77639388690966590a43660da85f4fb823e368c
SHA256

976598921a4a91049fead9aa92d3349e0fbbc2f1cb3c0ae29029b05309bcb9ef
SHA512

7504988335a8f11b19e5f002a0df67f08200734154465b1fe11f8ee986126df186ae5dbd0a02a453e53e21d651cf5f74b5086211cd09e6cb6cf25e20162b4846
SSDEEP

96:MCo0MVBFw1PQg4MDQEKmH5Hnf3X3X3frPf3Q4bs3gqob/Vr0YAp8UJgibt:ArFwhGUxnTo4bswqUB0YApjt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f46bc8fa49eeed23598bf203665a8b2_JaffaCakes118

Files

3f46bc8fa49eeed23598bf203665a8b2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0942bb7bc8333d9783d282ab959d8867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
SetWindowsHookExA

kernel32

GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetModuleFileNameA
SetFilePointer
Sleep
SystemTimeToFileTime
TerminateThread
DeleteFileA
WriteFile
lstrcatA
lstrcpyA
lstrlenA
CreateThread
CreateFileA
CloseHandle
ReadFile
WinExec

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA

wininet

InternetGetConnectedState
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ