00fc9b3ad23a06b378bd99b786dabf7e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00fc9b3ad23a06b378bd99b786dabf7e_JaffaCakes118
Size

66KB
MD5

00fc9b3ad23a06b378bd99b786dabf7e
SHA1

af1178834526f96472b9dddb9bdb7ae679ffec95
SHA256

b610177785c48304fa87abc48300a55360acdff28a568b388e181d25dba9a870
SHA512

22b22a071659abba83e877dec936271b4c0e877ed542729cbf7c44dd33694dd68835e2f0afc82e5c5ec83c3530a42f46e10365c063dabd3910717068db845a2c
SSDEEP

1536:BfQAl+7ovOxHqadFZSzb7k+17a2Zrcb6n0gH47zp3FU:dQAl+pxH/F4zb31Vcb6HYXp3FU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00fc9b3ad23a06b378bd99b786dabf7e_JaffaCakes118

Files

00fc9b3ad23a06b378bd99b786dabf7e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE