d6558d0eaeace087ebdabae373e1dd50_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6558d0eaeace087ebdabae373e1dd50_JaffaCakes118
Size

36KB
MD5

d6558d0eaeace087ebdabae373e1dd50
SHA1

a64e344230c17c1170fff66e29e769a32df97c0d
SHA256

f7752762b21d1ae15eb6646aabec52791fbb3938583b53716593ad93bc7c565f
SHA512

a90f731d5cadae6552bcd12767f1f6f443838512a71186a41676b79e4671b07a2c12cc2960604dc6c513eadb0c4f42bf3ff179cbe05d23c339c58a676844d073
SSDEEP

384:f+sUZmWIOlqGQ44RbV2gocynG3gvYI8S3lGAWJSvEP:m1HI6qr44RbV2RcyG3yYIH3lGAW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6558d0eaeace087ebdabae373e1dd50_JaffaCakes118

Files

d6558d0eaeace087ebdabae373e1dd50_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

67139a5c6f22ae58fa587d220067b107

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedIncrement
CloseHandle
DeleteFileA
GetModuleFileNameA
GetLocalTime
GetProcAddress
WritePrivateProfileStringA
LoadLibraryA

user32

CreateWindowExA
ShowWindow
KillTimer
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
CallNextHookEx
FindWindowExA
PostMessageA
DefWindowProcA
RegisterClassExA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

_initterm
free
strchr
fopen
fwrite
fclose
_stricmp
malloc
_adjust_fdiv
_strlwr
_access
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
sprintf
strrchr
__CxxFrameHandler

Exports

Exports

DllRegisterServer
DllUnregisterServer
OqiF
qDwHmyfBQgGr
uHdSDUaivmLWxJxBs

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ