4820485830d650d41af4e812e55a9aa1_JaffaCakes118 | Triage

Sharing

General

Target

4820485830d650d41af4e812e55a9aa1_JaffaCakes118
Size

32KB
MD5

4820485830d650d41af4e812e55a9aa1
SHA1

8e27e6945acf28764b7ce3098f6f085e987d4be2
SHA256

7241396c7e1c0464533683d9e2daf34605f394bbf5f7a269c8901340c8da87d0
SHA512

c92b37b9fb42b3018bd11c3d9baaad1bfcbc40ac31e58cfbf80fbbd1e397ac0cc5be0b4929a59936e0fbb9ff35e591c6e0a41533e861f2723bbaaaf20c90db0e
SSDEEP

384:ay/+H/oZGzkkznR0l7QczSBX5mNtftxD/k:nywQTnR05Qc2BJmNbxD/k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4820485830d650d41af4e812e55a9aa1_JaffaCakes118

Files

4820485830d650d41af4e812e55a9aa1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9267d35af9b324be121b085c12285f47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
DeleteFileA
GetProcAddress
CreateThread
GetSystemDirectoryA
GetWindowsDirectoryA
InterlockedIncrement
CloseHandle
GetLocalTime
WinExec

user32

CallNextHookEx
CreateWindowExA
ShowWindow
SetWindowsHookExA
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
DefWindowProcA
FindWindowExA
PostMessageA
RegisterClassExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

_initterm
free
strrchr
strchr
fopen
fwrite
fclose
??3@YAXPAX@Z
_stricmp
malloc
_adjust_fdiv
_strlwr
_access
strstr
sprintf
__CxxFrameHandler
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 778B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ