70bfa4877c1994735064d24a986dad16_JaffaCakes118 | Triage

Sharing

General

Target

70bfa4877c1994735064d24a986dad16_JaffaCakes118
Size

71KB
MD5

70bfa4877c1994735064d24a986dad16
SHA1

18580c81f204660207086aebb1bb4080a878daf1
SHA256

6d410aa976e3cb0549d494a927d285f075c319cb35eac3bdbd1787c7f9ae1fe2
SHA512

6c52ba57ba602c78b8975743115f2b5001c45e010baf0159f35b709a563572ae97fb5ff3ad3987d6f3572f091822bf6cf00a6e71b277521d706373ed75a4f4df
SSDEEP

1536:BfQAl+7ovOxPOojNXX6TWqKv3Mf5JMzloBMOW1+7:dQAl+p9ZjNH6T+vMf5i2BMB+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70bfa4877c1994735064d24a986dad16_JaffaCakes118

Files

70bfa4877c1994735064d24a986dad16_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE