03677cafe5872838cb3ce23ccd084f76_JaffaCakes118 | Triage

Sharing

General

Target

03677cafe5872838cb3ce23ccd084f76_JaffaCakes118
Size

63KB
MD5

03677cafe5872838cb3ce23ccd084f76
SHA1

97ee9a4c56a333092ad3a5fef12dae42459d0109
SHA256

6207e69e39c2e4eca05ae6719218ea6ca37ae0625f41610c9025bad7db59ef3c
SHA512

8ea4df95918463057e38ae9eec34a70e66ec6ffb6b8df0bda52befe27f663f971e1701f5be56d8daeae57fb8286faef01de8067106033f77e6f57b9f8a2795bb
SSDEEP

1536:BfQAl+7ovOq5S/PgsKGBqx12VTu/XTb04HDR4YD3kF0a:dQAl+pFzBqPccT9H6PFf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03677cafe5872838cb3ce23ccd084f76_JaffaCakes118

Files

03677cafe5872838cb3ce23ccd084f76_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE