05f4036b2730d2576badb52172dbd350_JaffaCakes118 | Triage

Sharing

General

Target

05f4036b2730d2576badb52172dbd350_JaffaCakes118
Size

54KB
MD5

05f4036b2730d2576badb52172dbd350
SHA1

2e9a5a4d4364f08378026562c87ffdb3be41becf
SHA256

2d376f671fcf1fa845e8a59a77cae754735f8a3e85dc06f914d9dcfa25acc511
SHA512

7c03c796096899b9cbf08dbbb262d2009ee083d56bdfcad4771a819631d4d49c87876d1fa073d2ff0647876631a82f83e039ced5289cd9974e0a18c2908bdcfa
SSDEEP

1536:BfQAl+7ovONAotry7iPybhxL9OJFy8a8D8vcm5utzLkG9Djo:dQAl+pN5MtF0I3dMt/kI8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05f4036b2730d2576badb52172dbd350_JaffaCakes118

Files

05f4036b2730d2576badb52172dbd350_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE