04ff8dcd6805e823957060c4ffa4e6cb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04ff8dcd6805e823957060c4ffa4e6cb_JaffaCakes118
Size

66KB
MD5

04ff8dcd6805e823957060c4ffa4e6cb
SHA1

38febeab72d1eaa2c9092e654257fc5ded77da34
SHA256

b34fdddfa196f6b5ddffa9ab0298a8baad075096361b0b439bf239c3e17bdf8e
SHA512

b0dd02a7277b6363b82dd8aecf5584b4a207a38e9937fc3d39da6fa0c954cb0aa8c1904afbecc5bc524c333e6c31dd899a6e4ae4ac7328e905d1e50f9783ae4f
SSDEEP

1536:BfQAl+7ovOwDg7pbuMQxQX97hBi67Qf1B3fH6iIT2gSDVWmbtwtwj:dQAl+pwitunQttBN7GB3/6iI6g6VWmb/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ff8dcd6805e823957060c4ffa4e6cb_JaffaCakes118

Files

04ff8dcd6805e823957060c4ffa4e6cb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE