b4e4b7fd8fef1ddb655bf474807d0eb6_JaffaCakes118 | Triage

Sharing

General

Target

b4e4b7fd8fef1ddb655bf474807d0eb6_JaffaCakes118
Size

40KB
MD5

b4e4b7fd8fef1ddb655bf474807d0eb6
SHA1

94850b1a84306169fb8b31159264b1cd786c575c
SHA256

11172020a548f8f965f9e19bce0e49a8987692980469ccf19e1924404bcd8a67
SHA512

28604695fd9528890cc43edb0af7fed4c867a467175e724fd5ae408ca45c99232759affa5aa7fe0752ea28e032353c8ea542ece72cbd0f1cde5141f2d0811d64
SSDEEP

768:6egpVtt+4if1pr07Tpxw+iLGFh6p5ahP+YxKNiDhunObvtfa:UpVPCL8/wEn6TahPrxKkDhqytS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4e4b7fd8fef1ddb655bf474807d0eb6_JaffaCakes118

Files

b4e4b7fd8fef1ddb655bf474807d0eb6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

636af2d3ed8384d81239100dcdaf4415

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
GetProcAddress
VirtualFree
GetModuleHandleA
FindAtomA
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
VirtualAlloc

user32

VkKeyScanExA
ValidateRect
UnloadKeyboardLayout
UnregisterClassA
WaitMessage
WindowFromDC
wvsprintfA
WinHelpA
WaitForInputIdle

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegEnumKeyExA
CryptDecrypt
RegCloseKey
CryptImportKey
RegCreateKeyA
CryptSetProvParam
RegQueryInfoKeyA
RegConnectRegistryA
RegSaveKeyA

Exports

Exports

fgbflo
kcqflcqpb

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ