72fa732e995e28ead857966b87d7ec9d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72fa732e995e28ead857966b87d7ec9d_JaffaCakes118
Size

74KB
MD5

72fa732e995e28ead857966b87d7ec9d
SHA1

72c221308d7358221d91ccd4510339faf6bd535f
SHA256

da1380b3bb5ee0b5924c1848c3d5bd0d4537354c02b34991d4cb4647ea4c01c8
SHA512

bddfc7af59153efca630222a7d2e89a26b756cabee5ff7a32892cbebd259d9ca605c1c1611c97176c6957e4ba6d47b5853d8f8b7a887942a115d113891cba99d
SSDEEP

1536:hUY73PS6Dfo1jgxcuOqx9QdDWupMMVdjOC3ChBISk:KYWYfo1jgxcQx9QdDW23ShB5k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72fa732e995e28ead857966b87d7ec9d_JaffaCakes118

Files

72fa732e995e28ead857966b87d7ec9d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2f07d81b5b9e1c8a68815c34d7d4d19d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

mouse_event

advapi32

OpenProcessToken

wsock32

WSACleanup

oleaut32

SafeArrayPtrOfIndex

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 68KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE