4984f30aed50d7519463ea2b6cd05dd4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4984f30aed50d7519463ea2b6cd05dd4_JaffaCakes118
Size

32KB
MD5

4984f30aed50d7519463ea2b6cd05dd4
SHA1

6af7ef6dc6f72c2b95a753efe39a9b08e0822b1f
SHA256

4b39ff481847fe4be31aac4ed57c009f03822c50237b7b4af422d7dda9e1959d
SHA512

d7a12068e37c4a46bcf87c8f04e14526000b0b8055633da16e0450c25649b666fe7b2660b021e5221b858587b12c28f8ef4698ec6b7e32c19df2bade18d910c5
SSDEEP

384:3mPygrIN5nXOWdFxciVs2s3IYDYRuBWsJap0:2Pyg0N5nXOeMiZs3SuBWTp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4984f30aed50d7519463ea2b6cd05dd4_JaffaCakes118

Files

4984f30aed50d7519463ea2b6cd05dd4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

77ad4c8b7164476c44bab39e87c34b32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
GetLocalTime
WinExec
InterlockedIncrement
CloseHandle
CreateThread
GetProcAddress
LoadLibraryA
GetModuleFileNameA

user32

SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
CreateWindowExA
ShowWindow
RegisterClassExA
UnhookWindowsHookEx
KillTimer
SetTimer
PostMessageA
DefWindowProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

_initterm
free
strstr
strrchr
_access
??2@YAPAXI@Z
strchr
fopen
_strlwr
malloc
_adjust_fdiv
_stricmp
fwrite
fclose
sprintf
__CxxFrameHandler
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ