0348846f6c7de610287ba14d54eb4c01_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0348846f6c7de610287ba14d54eb4c01_JaffaCakes118
Size

67KB
MD5

0348846f6c7de610287ba14d54eb4c01
SHA1

212004019f9e3d108902adf39a088e20e372bc07
SHA256

9c7ea139d5832d7967b3d8189353e267d6d903f4eda125fe430ba0a6ef281e44
SHA512

bfc6e26e775e06292aa02ca79792a5b2513223a29ea2e7b97e6f2065a156aca7cf9d1d4dd4ff5ce67c94209587e79a527843e058094c749058d29bd7c1d1350b
SSDEEP

1536:BfQAl+7ovOe2lIEYEP4w83R4np6zcbO/0YCLpCGQr6XcOKjIWcgIjM:dQAl+pnlITEwP3JzqsqLpC4PM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0348846f6c7de610287ba14d54eb4c01_JaffaCakes118

Files

0348846f6c7de610287ba14d54eb4c01_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE