050210c29f025fb75571e2f0a820f1f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

050210c29f025fb75571e2f0a820f1f7_JaffaCakes118
Size

73KB
MD5

050210c29f025fb75571e2f0a820f1f7
SHA1

345f32b8278a06e1f8b3373ab2f4a7faf50301ae
SHA256

badccf265b5fe4f66fc4b444d4effbbd2251d09e1019af72481260e681426bc0
SHA512

23fb7e27317479aa2ef12e6a7da9afafa684f272d85d5331f0ac7b1cbed697abba28ffc0582b354e284a5e9b97b53b4e67501a0057448b5760431f51dab70dac
SSDEEP

1536:BfQAl+7ovO2EMUuBwk3DvMdMblu3oyMUL6CwZaaBb2d:dQAl+p2FbwWDyae1MUuCwZaaBbo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
050210c29f025fb75571e2f0a820f1f7_JaffaCakes118

Files

050210c29f025fb75571e2f0a820f1f7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE