6af9ccd3e55a82f47ac520967d094cc5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6af9ccd3e55a82f47ac520967d094cc5_JaffaCakes118
Size

40KB
MD5

6af9ccd3e55a82f47ac520967d094cc5
SHA1

3e7b8f0168e2b364ad852a5e24bdbafd98477959
SHA256

34c7f01132c8226227e21aa58991c05779995206e88fe3014714db79bd188fe0
SHA512

6dc0d58cbe9ba293224ed4ab0113d0a371a6cac88330b389dd48d329ac997739ceb33c458ef769030ba3926095cfd77f3606238296699c94d2801be828026c8a
SSDEEP

768:S6/NxZUDiCSqED9b1rlfEWSs9pkavmOAtOjogLa1m2IQA:thsVSq69xrlfEMcmpLaJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6af9ccd3e55a82f47ac520967d094cc5_JaffaCakes118

Files

6af9ccd3e55a82f47ac520967d094cc5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d67511da1cc0965df8df03a402395c00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
GetProcAddress
GetLastError
CreateMutexA
WinExec
CreateProcessA
VirtualAlloc
LoadLibraryA
CreateThread
GetModuleFileNameA
CloseHandle
InterlockedIncrement
GetLocalTime

user32

SetWindowsHookExA
GetMessageA
DispatchMessageA
FindWindowExA
PostMessageA
CreateWindowExA
ShowWindow
UnhookWindowsHookEx
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
CallNextHookEx
TranslateMessage

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
_except_handler3
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_stricmp
strchr
sprintf
fopen
_initterm
malloc
_adjust_fdiv
strrchr
fclose
fwrite

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ