03515b225a9e5af4c4fed3caa146d99e_JaffaCakes118 | Triage

Sharing

General

Target

03515b225a9e5af4c4fed3caa146d99e_JaffaCakes118
Size

78KB
MD5

03515b225a9e5af4c4fed3caa146d99e
SHA1

7daf4d96f0d782740e1595f56c4c59c2dd39a1e3
SHA256

6d34e5f1d1b592d7d263b3a84e383c7048afef29ccea154ddb384beec9083493
SHA512

82acf402fbc3784570c47366420b2260c176b2ecedc2f4e346e162ade330be81fc1d04a9616bee50ab01ce2a86694df94c0af725446c3a495243e324a5c800f4
SSDEEP

1536:BfQAl+7ovO5BI06NnkTgPPPmy3wiX3lqBHkjHB6wmhoQj4GbpqtX365:dQAl+p5BcnkTgPP9wc3l2HC6wmeI9psM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03515b225a9e5af4c4fed3caa146d99e_JaffaCakes118

Files

03515b225a9e5af4c4fed3caa146d99e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE