16b9f49507ad36792112f4fdd6faa44b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16b9f49507ad36792112f4fdd6faa44b_JaffaCakes118
Size

39KB
MD5

16b9f49507ad36792112f4fdd6faa44b
SHA1

4a2683db1abd9d8fdcdfcdcb0c722fcba036cace
SHA256

35b049f7ff631e65ad6ee5750ce3896ff797528085657e7c5eb031d627a0038c
SHA512

a71f4d3a4b510a12797075f96e0ba10ccd1c3f324c05e00d1cb01cbba12ebda46ed7bfe9f3fb678cdeb02d96b8f46d09ac134ab76c307d1ab9d8b1fcfc26269f
SSDEEP

768:itRq1k9h/TmelaAgVHHtFUwr50v52ihP8h3Ah+U1e7QbS+NMG8JP+/:iTqk91T3jknWXhN31KeNEm/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16b9f49507ad36792112f4fdd6faa44b_JaffaCakes118

Files

16b9f49507ad36792112f4fdd6faa44b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b1c85b482e793f99aff6250aa51ec02f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
SizeofResource
LoadResource
LockResource
FindAtomA
GetProcAddress
AddAtomA
FreeResource
VirtualAlloc
GetModuleHandleA
VirtualFree

user32

ValidateRgn
wvsprintfA
VkKeyScanA
wsprintfA
TranslateMessage
UnloadKeyboardLayout
UnregisterHotKey
VkKeyScanExA

advapi32

RegQueryValueA
CryptSetProviderA
CryptVerifySignatureA
RegSetValueA
RegReplaceKeyA
RegUnLoadKeyA
RegQueryInfoKeyA
CryptDecrypt
GetUserNameA
CryptGetProvParam

Exports

Exports

nerpyjwhb
nqqucc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 966B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 258B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ