009174610752b886a7436d2f32835ec5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

009174610752b886a7436d2f32835ec5_JaffaCakes118
Size

69KB
MD5

009174610752b886a7436d2f32835ec5
SHA1

1c4d8b37743213c5be89efd7c08f2f67219d654d
SHA256

f67b0ca7b4fca6561732a6d0d5558f05aa3fe41902f0ebdf014d53d61fcab457
SHA512

ab97eb5f392da0a9839a09451d5faa696e3d92e79ffa1eafc7c917711f93a544fc3094f7808dec4fee2aa1b6190d72514d91924272a633ef640f8dfc2e75410a
SSDEEP

1536:BfQAl+7ovOE8TCSwCT0DucabTVA6+nYmIjxlQCC463NcC:dQAl+paKPz+Yrjxlc4sNcC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009174610752b886a7436d2f32835ec5_JaffaCakes118

Files

009174610752b886a7436d2f32835ec5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE