a8152b05f4e297bf7fc70a193ec52216_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8152b05f4e297bf7fc70a193ec52216_JaffaCakes118
Size

65KB
MD5

a8152b05f4e297bf7fc70a193ec52216
SHA1

35bf627751184a03db908d8c6948f10d50e13326
SHA256

72c4f107a4646ba91ef10e5b874b264583155de0b2731eb07622b070da861441
SHA512

3936a10066c559c89bc5e061919045887b21ab35b980673bb066c6b441d609a0386c1cb425081614256497c1a6e94a3ba34de98978c79a9a9a1b5530bef8b518
SSDEEP

1536:dfQAl+7ovOOt9ddaAgn7wjvHKtG8V72ttA59JbNcp:5QAl+pMSGKtG8l2ttA5/ep

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8152b05f4e297bf7fc70a193ec52216_JaffaCakes118

Files

a8152b05f4e297bf7fc70a193ec52216_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE