290159e0a33f91461e915c99d594f7bf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

290159e0a33f91461e915c99d594f7bf_JaffaCakes118
Size

32KB
MD5

290159e0a33f91461e915c99d594f7bf
SHA1

6a4f8f678920179d385f7abb83ab7c2d329b8a40
SHA256

b9d3d9f17da784f9f13ac8be96edfed3ad318874d4dee5eee31ee4a8e17950e3
SHA512

724f7b4899f997181f94a4fdb43e18138c738985484bf510fb3a368aad437a6e2ba6dbb4776ce06a73fe13e8896eab80fe512739693487a2049fb88720a4ac87
SSDEEP

384:9tvnX4135fHruwuAEYETTqzkQWj/xSh65OvmTaiIKP2:9tvoB5fHRuAEYETTqzejsh65OvmTaXR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
290159e0a33f91461e915c99d594f7bf_JaffaCakes118

Files

290159e0a33f91461e915c99d594f7bf_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a72069ab7f47d2421c4eb25d5df2864b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CloseHandle
GetWindowsDirectoryA
GetProcAddress
InterlockedIncrement
GetSystemDirectoryA
GetLocalTime
GetModuleFileNameA
DeleteFileA

user32

GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
CreateWindowExA
ShowWindow
UnhookWindowsHookEx
FindWindowExA
CallNextHookEx
KillTimer
SetTimer
PostMessageA
DefWindowProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

_initterm
free
strchr
fopen
fwrite
fclose
??2@YAPAXI@Z
_strlwr
malloc
_adjust_fdiv
_stricmp
sprintf
__CxxFrameHandler
strrchr
strstr
_access
??3@YAXPAX@Z

Exports

Exports

DllRegisterServer
DllUnregisterServer
QdCdro
YYYEXgOV
lLGpjWveK

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ