3cca8c9a689ec76dbd74471b4baf71a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3cca8c9a689ec76dbd74471b4baf71a3_JaffaCakes118
Size

15KB
MD5

3cca8c9a689ec76dbd74471b4baf71a3
SHA1

5665983a7754cb237ae7d962ae34d3e6ef3ea87c
SHA256

a79a1a908467510fefde12c526f8935f5d84fdb32c8030367f5b91328d248e55
SHA512

d2127a23a8d0c4ac720db73f439e18b364f5c6836e94066eba4987e6863b190cb77735b0b6c7167c262ca8e3190d201a72e9e055da228429c643859bde6821ed
SSDEEP

384:vQUxVcdPuyhCVrAWNLk8eGcbcTpW9XLHiHrH:LcdPHhYrA2QGca2XLHiz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cca8c9a689ec76dbd74471b4baf71a3_JaffaCakes118

Files

3cca8c9a689ec76dbd74471b4baf71a3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5404d67ecabe61dd199817c531ade5fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord4698

msvcrt

??1type_info@@UAE@XZ

user32

CallNextHookEx

advapi32

RegQueryValueExA

ole32

CoInitialize

oleaut32

VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

?DelHook@@YGHXZ
?SetHook@@YGHXZ

Sections

.text
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE