74f9ea2c70389e9d9cffe89434275998_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74f9ea2c70389e9d9cffe89434275998_JaffaCakes118
Size

56KB
MD5

74f9ea2c70389e9d9cffe89434275998
SHA1

ca7d2a38c81c968866d3bab85e36f76eb563de7e
SHA256

84b91f2ed5fa1c9e94a5b7a8f399643a8a972f9826ac018892b6b2ac98b29afb
SHA512

4530eff78a07ccaaa696dc9f54673041be3c79cb9d7c1c0e090eefa15b933f91acedcfeea6f505e3f73995ce176c09bf555dcdbe81b62d7259d6bbc89b75b9e6
SSDEEP

1536:ZLKIn9PJnLAOvjBMDUfdgXx+c2ni/Spde:ZLZ3LAOLBMYfmXxmnige

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74f9ea2c70389e9d9cffe89434275998_JaffaCakes118

Files

74f9ea2c70389e9d9cffe89434275998_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

40bea82671fe91bb4cc153ba460cc800

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

GetPixel

wsock32

WSACleanup

wininet

InternetReadFile

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 49KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE