e564f733a1770433c528aabaaa1b4f76_JaffaCakes118 | Triage

Sharing

General

Target

e564f733a1770433c528aabaaa1b4f76_JaffaCakes118
Size

42KB
MD5

e564f733a1770433c528aabaaa1b4f76
SHA1

bd0c51d9804e68aff2ed42018325457235f7942e
SHA256

2a3d9c6580034ee53583a1e258736f92d77a9e48a8658e2040afbc6459f6f6d5
SHA512

1aa6d15d6f15d168cc949996b58e8b37b53ee60f708526cd7da408e9345b0ce8b81523e24585806038cbd42be2b7851c9a4fd74188e2f1265275fdc27d7ce85b
SSDEEP

768:atj+ZsANytyuDqIeJ6PLuCO2qQlgTuorrOw6tOl3RT0bxUsTWQ2fX:WjFCPpcPLuCO20aoQM3RgVUFv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e564f733a1770433c528aabaaa1b4f76_JaffaCakes118

Files

e564f733a1770433c528aabaaa1b4f76_JaffaCakes118
.dll regsvr32 windows:6 windows x64 arch:x64

5eddc054fb0b48a4bdf81f75f9b1b4c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

ord15
wnsprintfA
StrStrA

kernel32

GetModuleFileNameW
Sleep
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetCurrentProcessId
DeleteFileA

user32

GetMessageW
DispatchMessageW
GetForegroundWindow
SystemParametersInfoW
GetSysColor
SendMessageW
GetWindowTextW
SendMessageA
SetTimer

gdi32

GetBkColor

Exports

Exports

?hoperd@@YAHXZ
?kompw@@YAHXZ
?paramt@@YAHXZ
DllRegisterServer
DllUnregisterServer
PluginInit

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ