d329ba70d63efe640900d63621764b2d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d329ba70d63efe640900d63621764b2d_JaffaCakes118
Size

44KB
MD5

d329ba70d63efe640900d63621764b2d
SHA1

d3b1a9d8090600e66ba6aee84bcdb4d23231a5a6
SHA256

e869708f420eb3e050275b0d1cd0c79a757e5be4a0848e71821612522b634b47
SHA512

f1a6407c2a91ff47455de450956c8f770020edced4b551fa9f81f9a2b95c28ec3e786e45ec1bbb558243829575e98becc7764e4df2938761bb7a2ae991646ed0
SSDEEP

768:+k62g0oH5t0jIypkavDc57mmoEd0gLa1M:+k6z5tuIhLllVLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d329ba70d63efe640900d63621764b2d_JaffaCakes118

Files

d329ba70d63efe640900d63621764b2d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1a3f119edd8661ccccc281aca09c8159

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
InterlockedIncrement
WinExec
CreateMutexA
GetSystemDirectoryA
CreateThread
VirtualAlloc
CreateProcessA
GetLastError
CloseHandle
GetProcAddress
GetLocalTime
LoadLibraryA
GetWindowsDirectoryA

user32

SetWindowsHookExA
FindWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
CallNextHookEx
CreateWindowExA
ShowWindow
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
UnhookWindowsHookEx
PostMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
_except_handler3
strchr
fopen
fwrite
_stricmp
fclose
strrchr
??3@YAXPAX@Z
_initterm
malloc
_adjust_fdiv
sprintf
__CxxFrameHandler
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
irUArJjqQ

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ