49230092792dc7c6d7ca4ada413c97ab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49230092792dc7c6d7ca4ada413c97ab_JaffaCakes118
Size

36KB
MD5

49230092792dc7c6d7ca4ada413c97ab
SHA1

9c514ecbb7e087b4ecf2c5eee8fbc3595b7324d8
SHA256

40ac60bf4221df043946a0e9e20d986e26440ac6fffb9901c6ed92dfe2b4f345
SHA512

eb48381a10f3a73f433ed1f9ebd19d6be08f916cd53adc824b6f3960a37f2d3944eef388194ffc13e91e6fa79ccb84220eba6b066f83f54d8fa9b23b518c02d8
SSDEEP

384:roNp5F0fSmFkbJvBCF3vohD2uPEx9crFGYRwh9mV2XIr:ENTCfSw0Z6QhD2kG9crFNmIr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49230092792dc7c6d7ca4ada413c97ab_JaffaCakes118

Files

49230092792dc7c6d7ca4ada413c97ab_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7a25229d42558fb3bb9635a6e06b3605

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
MoveFileA
DeleteFileA
VirtualQuery
SetLastError
VirtualProtect
GetProcAddress
ExitProcess
SetUnhandledExceptionFilter
WriteProcessMemory
GetCurrentProcess
GetVersion

user32

SetWindowsHookExA
CallNextHookEx
FindWindowA
SendMessageTimeoutA
MessageBoxA

msvcrt

_strupr
_adjust_fdiv
_initterm
free
malloc
memmove
_vsnprintf
fopen
fseek
fprintf
ftell
strstr
strncpy
strrchr
fclose

Exports

Exports

DllRegisterServer
Rundll32

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ