165c975c7d9b06d15725a68305d038a0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

165c975c7d9b06d15725a68305d038a0_JaffaCakes118
Size

87KB
MD5

165c975c7d9b06d15725a68305d038a0
SHA1

fe6c41ff9756b544070375434c1893ae02a4d376
SHA256

80d9a89f9f1b9eb2dfa478d5aaedb9b4f92db26d2ddaa7d61f7047c30547ac07
SHA512

daf9fae851b580dec42aefd1c1dfc887e74cf1e4f08297c094a7e89b4999c82e03146c02c4ebbd1b26d90287b2cafc8111265d60a21637bde3a5d445465d8ef9
SSDEEP

1536:MQYCsUwffXljp/2gfCb0P9PegBgp8THfa195ab4eiTYQZvzAHd5k9Mo5PzEDK0v5:MNUwf/ljpuACb2HC1y4vvzsd5eMozXM5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HaxLib.dll
unpack001/Loader.exe

Files

165c975c7d9b06d15725a68305d038a0_JaffaCakes118
.rar
HaxLib.dll
.dll windows:4 windows x86 arch:x86

cea68c55c08df73459e9d3c720a8c7b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetAsyncKeyState

gdi32

DeleteDC

advapi32

RegCloseKey

Sections

.text
Size: 65KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Loader.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 11KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE