179dca1e01716624e1268e4611392dea_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

179dca1e01716624e1268e4611392dea_JaffaCakes118
Size

32KB
MD5

179dca1e01716624e1268e4611392dea
SHA1

51d2bf17c36f1907efee6b147cc67f5aee928bab
SHA256

874fd05ad4527453476cc6587ba4af1ad3da3211ffed7a065ed31d1e41843e24
SHA512

6ed5ec9d20f6ece896ea0dca86807339276d73da70658b3123dee19727de4becf4970ef208a52d3af645e4a4431d25cf11754eed1f23521a0c6af92a9aac7c29
SSDEEP

384:ZRVJn9paJ2UKuwznm2mVitD+8Mu3ccCVdXhJ:TVJn9aizldtL3ccWdhJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
179dca1e01716624e1268e4611392dea_JaffaCakes118

Files

179dca1e01716624e1268e4611392dea_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b19c63c85e6542c5798e71627c1cc137

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WinExec
GetWindowsDirectoryA
GetSystemDirectoryA
GetLocalTime
DeleteFileA
InterlockedIncrement
GetProcAddress
GetModuleFileNameA
LoadLibraryA
CloseHandle
CreateThread

user32

CallNextHookEx
RegisterClassExA
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
CreateWindowExA
ShowWindow
FindWindowExA
PostMessageA
DefWindowProcA
SetWindowsHookExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

_initterm
free
strrchr
strstr
__CxxFrameHandler
strchr
fopen
fwrite
_stricmp
malloc
_adjust_fdiv
_strlwr
fclose
_access
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ