071dee22bbb90991edf4b187d9d184d6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

071dee22bbb90991edf4b187d9d184d6_JaffaCakes118
Size

69KB
MD5

071dee22bbb90991edf4b187d9d184d6
SHA1

8db4479e80561e54c0efdfc87b5200f1684c1ae2
SHA256

e441c8945d1b9ef20c5147953d5003378327a4ea2d8afef662056ce69191a7e6
SHA512

ba672a3bb4c0c051efa366d42125605d99e05d543cd3e3e2a55925cffc61a844eb84729429687a1813f2a0dbf42bd2be52948f982f0635049296e790888d1077
SSDEEP

1536:BfQAl+7ovOZ1PK+sD6e4BbEW9MKoKvqspMJMiqNF68PwYilXeBR8Ybs0T5njap:dQAl+pZ1Ns+VbEGoKvqsS+NiluBRVtYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
071dee22bbb90991edf4b187d9d184d6_JaffaCakes118

Files

071dee22bbb90991edf4b187d9d184d6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d789bbd14d9363f075bb8a0efcaa628b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

time

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE