6fc370c59e939b5612164a1478015556_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fc370c59e939b5612164a1478015556_JaffaCakes118
Size

36KB
MD5

6fc370c59e939b5612164a1478015556
SHA1

1b62456eba94a3fe2ad79891ab3e55609a4c283b
SHA256

c993842d9cfb9da9c317c294bfe4fa6c3acd2801354ee6055d30461836910f4a
SHA512

c994e3e23bca53c102e62a0cf5d00babad403841e40f76e9bcb168a76c5887d06788115e7e46267640dffbc56e4bc2c703d204401dec600392b1459c3c7e6650
SSDEEP

384:MgQeemFg0Fk7wF6wj3zJxFGYRwh9d+2F1cr:q1muq1R3zJxFNGyr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fc370c59e939b5612164a1478015556_JaffaCakes118

Files

6fc370c59e939b5612164a1478015556_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7a25229d42558fb3bb9635a6e06b3605

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
MoveFileA
DeleteFileA
VirtualQuery
SetLastError
VirtualProtect
GetProcAddress
ExitProcess
SetUnhandledExceptionFilter
WriteProcessMemory
GetCurrentProcess
GetVersion

user32

SetWindowsHookExA
CallNextHookEx
FindWindowA
SendMessageTimeoutA
MessageBoxA

msvcrt

_strupr
_adjust_fdiv
_initterm
free
malloc
memmove
_vsnprintf
fopen
fseek
fprintf
ftell
strstr
strncpy
strrchr
fclose

Exports

Exports

DllRegisterServer
Rundll32

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ