000d04f421b13eaf3c63427c4ac164fa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

000d04f421b13eaf3c63427c4ac164fa_JaffaCakes118
Size

55KB
MD5

000d04f421b13eaf3c63427c4ac164fa
SHA1

fcb4bf397f380fcb9c0b14178a01aa9ec7e4abcc
SHA256

71ac396598787bdc8932195b9482773db4b7f52e5e00d5556b9f5b2862fbd01c
SHA512

6371d63a5790dee47310f16bb43d9f6cd461fc9cf4435c093f968386e2e6af6010a5ab1ddd8b68c3c24510646cbc34b31b0b27297459700b42073ad38cd1addf
SSDEEP

1536:BfQAl+7ovO0sgRU5jaGdaGVIDr4S1IvrZe:dQAl+pCU5jaGdaGa1eE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
000d04f421b13eaf3c63427c4ac164fa_JaffaCakes118

Files

000d04f421b13eaf3c63427c4ac164fa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE