43831bb538983eba046baf4376be892f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43831bb538983eba046baf4376be892f_JaffaCakes118
Size

44KB
MD5

43831bb538983eba046baf4376be892f
SHA1

76c4654044f68512e2fe955febbe24f216b6c608
SHA256

3cfea0a936db1993cff727a73136ea54dd98f9e2b48c1efa52fb8b9c6c05407b
SHA512

5ccd400d88f273d43b6986e1a30125e29f0ee9f80480fa258a4dca3da578e1bb06764ee03f84f392dfccc6e99b7f618e755b23cccef01626f80e08c9ecc56efc
SSDEEP

768:TRmLfzlIB6pkav26BY2rULIN3wG+gLa1:ToKz8ULI2GbLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43831bb538983eba046baf4376be892f_JaffaCakes118

Files

43831bb538983eba046baf4376be892f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8a02f809d3ca956e33982d3a7e2221f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetProcAddress
GetModuleFileNameA
CreateThread
VirtualAlloc
InterlockedIncrement
GetWindowsDirectoryA
WinExec
GetLocalTime
CreateMutexA
GetLastError
LoadLibraryA
CloseHandle

user32

UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
DefWindowProcA
CallNextHookEx
FindWindowExA
PostMessageA
SetWindowsHookExA
CreateWindowExA
ShowWindow
KillTimer
SetTimer

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

msvcrt

_adjust_fdiv
malloc
_initterm
free
strchr
fopen
fwrite
fclose
strrchr
_except_handler3
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
__CxxFrameHandler
_stricmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
QdxZRrbWGxuQJ

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ