c8d187b9504c4ead8a115cd1b7ab8b15_JaffaCakes118 | Triage

Sharing

General

Target

c8d187b9504c4ead8a115cd1b7ab8b15_JaffaCakes118
Size

228KB
MD5

c8d187b9504c4ead8a115cd1b7ab8b15
SHA1

82368a969277a01e4e2e6014c9fae9bf46a78d4a
SHA256

8b140e38624ff088396476cb53b6c7952ed7ff05340da15a3da495b6b389f2e9
SHA512

53996f140aafecb987413954fd56c086a1849b96f4fdfa482cdc6b7fbc9f53699c07b6efb6f4d9e1171d571fbe08d21227bb5a56bbdbf4823f3687f24dc595a8
SSDEEP

3072:3OUpAN+u6f0h5sLuqStrSyexlMlPm25pr97GwdfqqI2sB5eH+DXqdZfi5POrz0fs:M6fYUVL725pyq8B0HwXQZOOHb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8d187b9504c4ead8a115cd1b7ab8b15_JaffaCakes118

Files

c8d187b9504c4ead8a115cd1b7ab8b15_JaffaCakes118
.dll windows:4 windows x86 arch:x86

15ea5e7594f976829e145b9a5ae92b7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

wsock32

WSACleanup

Exports

Exports

inhook
unhook

Sections

CODE
Size: 219KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE