6105883e4a730ee0b5871dc7f8bc83df_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6105883e4a730ee0b5871dc7f8bc83df_JaffaCakes118
Size

38KB
MD5

6105883e4a730ee0b5871dc7f8bc83df
SHA1

737419a7606fc83121b17d8b716eccd25ece05fe
SHA256

15abd7965a3b93c0dffa2b73d1a40d9442f987dc0b829b807615ba4f8320f426
SHA512

8924543a25c0ba0685cd39ec4fbd540760f2a856ae56e319496aadb04793a59f6aa4c101e70356f9a4d2ce4922e4114bc6b86225f8fa157896428b144030f322
SSDEEP

768:XxjDQp6DsOfL62l8ovOoBKugyiSoy2wl43StQuZnJTF5vt+WAZe5i/DasaZr:BfQAl+7ovOoB1Ji5y2QAMQKJTFx0pZG/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6105883e4a730ee0b5871dc7f8bc83df_JaffaCakes118

Files

6105883e4a730ee0b5871dc7f8bc83df_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE