625893efd1ff1181e18cab1c422e9394_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

625893efd1ff1181e18cab1c422e9394_JaffaCakes118
Size

68KB
MD5

625893efd1ff1181e18cab1c422e9394
SHA1

9a3a86755f4399ab1c81a2b84fef2414aaec9a2f
SHA256

1b93323709e6c8933809e52d3319d6b9402bb95fbf90551a94b8cebb9d311e80
SHA512

37371874cad5178374a8cf0ac95a88ceecd91c467f7f67d1ca47feca47b42f21f447471c1558b820cc945099c8399955220c9fe4f90d9d4c297c85ba2194928f
SSDEEP

1536:dfQAl+7ovOOtsyd96MYD7ZId4KxQ8dh2YoHcdKGUS3weRKM:5QAl+pbynQzn8wGUSPRKM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
625893efd1ff1181e18cab1c422e9394_JaffaCakes118

Files

625893efd1ff1181e18cab1c422e9394_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE