ac126655a16cb24990907ec774657454_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac126655a16cb24990907ec774657454_JaffaCakes118
Size

13KB
MD5

ac126655a16cb24990907ec774657454
SHA1

8cfd39603bad2ac285d498de22786e3ee736ccef
SHA256

3baeaf72aa86db8e9a4c99680fbccbaf1395d13ee5e4aa9a9287eec4002dbfff
SHA512

676b79726b071db76a69d0e846cf6f600b720b99f781b9c94378a94255afe51e524af33b30084564161a5ae3b0b11452573c9d098a361af1646231d865aff13a
SSDEEP

192:SaRUEwvKhLCdRRfswTP3AdaezwwOSJZNf8PxrRqTpWJrHplXSjj:SaR9yRPfPSF8PxrRqTpWhHp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac126655a16cb24990907ec774657454_JaffaCakes118

Files

ac126655a16cb24990907ec774657454_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ceeb4481b95acd72e48a8259e988bba1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord5302

msvcrt

??1type_info@@UAE@XZ

user32

CallNextHookEx

ole32

CoInitialize

oleaut32

VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

?DelHook@@YGHXZ
?SetHook@@YGHXZ

Sections

.text
Size: 7KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE