f0036c476a544945daf3a86c162cde69_JaffaCakes118 | Triage

Sharing

General

Target

f0036c476a544945daf3a86c162cde69_JaffaCakes118
Size

26KB
MD5

f0036c476a544945daf3a86c162cde69
SHA1

ccf31b0bc330fbc73e3d65f83b032b869e9fc033
SHA256

c2286e6d75835abfba2546d6e45171a74c9e98b39ecfa382a466dca7d71c4172
SHA512

f0efde6d11d3f824b2ada7cb7035e4a9ef2336ba9ccaa82f39141b6fce7b150d6b74e85cde27f5072f495293057fc6b76ceacbe30213e1ead734bf42de93c4c4
SSDEEP

768:xcpFGA+/R8PcO1aX2l/KQrNkKTayY+l81J:xQYRW1qQeKhYS8f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0036c476a544945daf3a86c162cde69_JaffaCakes118

Files

f0036c476a544945daf3a86c162cde69_JaffaCakes118
.dll windows:1 windows x86 arch:x86

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA

user32

MessageBoxA

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
access_sub_license
close_key
detach_from_dll
open_first_key
open_next_key
query_key
set_rnbo_lib_parameters

Sections

.pklstb
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE