413e2f9f83ef8c58f70f097cfec2b4af_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

413e2f9f83ef8c58f70f097cfec2b4af_JaffaCakes118
Size

60KB
MD5

413e2f9f83ef8c58f70f097cfec2b4af
SHA1

43d7ed8f309acbfcad9c5d5e48d5d870e247db8e
SHA256

8f87d8323508574c2311da12610f3d99d2fe8f3d6a47fc1429c2ba46e296377a
SHA512

11f490af15452431ea86584e29edc6d080292a603ad9f0b4e2b440e922e96bd7ac7d34daf750d732c04a880afde830ee0353f2f7888c23db00e0f0ac652ef0d6
SSDEEP

1536:BfQAl+7ovOegipDnENWVHKN7YPzxz/Qv8x:dQAl+peIkHKN0PzJQv8x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
413e2f9f83ef8c58f70f097cfec2b4af_JaffaCakes118

Files

413e2f9f83ef8c58f70f097cfec2b4af_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE