0401e5668a90fd889439c64cc507d860_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0401e5668a90fd889439c64cc507d860_JaffaCakes118
Size

54KB
MD5

0401e5668a90fd889439c64cc507d860
SHA1

26c589185a6f2f05397327ed5397a1fd0d8ce602
SHA256

754f2798dfb429d3b3f70f224be60dfba166ae3f40b50da0c6c31750d4a441a6
SHA512

f010287c8b3c6eafdf8e003e30d858195e11ac8f8f437c61daa2de7dc8573e28c44968497ee5dcce82434433564034ec4be1567a5e62d9a786fa110520332071
SSDEEP

1536:BfQAl+7ovOqyRxLhqSvKl+S5RayOoWyJzi5qxL4Vp:dQAl+pqyXpvClj2eR94Vp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0401e5668a90fd889439c64cc507d860_JaffaCakes118

Files

0401e5668a90fd889439c64cc507d860_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE