0397d49ee8e4d6acd6245afcac5a5062_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0397d49ee8e4d6acd6245afcac5a5062_JaffaCakes118
Size

54KB
MD5

0397d49ee8e4d6acd6245afcac5a5062
SHA1

1d8155e54ce6da24e52a579dbdfb5ed4a451b1b8
SHA256

0abb421d5c61325f1bab8f19314a9c887f4210acc686346d6b1060c20bdb5186
SHA512

d5e385b6083644cd272cc8fca9a0bfed88598f56b1191e1d99db473314dca0b3498dfb01d8d92861a36cc235e4c897a395ebde0e066fd3ba4916ae4df04fd625
SSDEEP

768:XxjDQp6DsOfL62l8ovOg3A9q4OX1VggJVpbFUOYOSiTvU5ItxgIlXBSXIn7K1yLg:BfQAl+7ovOg3kqlvhmkz9PxWIm1y4WoL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0397d49ee8e4d6acd6245afcac5a5062_JaffaCakes118

Files

0397d49ee8e4d6acd6245afcac5a5062_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE