f1c9eb03578fd502b13cf7f471eddb40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1c9eb03578fd502b13cf7f471eddb40_JaffaCakes118
Size

21KB
MD5

f1c9eb03578fd502b13cf7f471eddb40
SHA1

80e0913fb58c5590661026efd78fcc4cc730a475
SHA256

6464db314ffc4ad75aa91f0003b08c53abf4c5fe292afc371dd1d1f9f427dc39
SHA512

c183fd39f8d168f6b3474833662fe23066b666149bd25cce0dcd54119a003373f6360d49ae927a902efdd59a3e683f1eebad2735957190745af59bf50195f59e
SSDEEP

384:Nx9iwj1APthgoJyzKL96K42SWSsBZ21pk:L0w5cNrSWSsBZm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1c9eb03578fd502b13cf7f471eddb40_JaffaCakes118

Files

f1c9eb03578fd502b13cf7f471eddb40_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

26b54d17522d0c8c35f9dd95673a9c83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
ExitThread
CloseHandle
SetEvent
MultiByteToWideChar
GetVersionExA
GetSystemDirectoryW
GetModuleFileNameA
lstrcpyA
lstrcatA
GetCurrentProcessId
GetProcessHeap
WaitForSingleObject
HeapFree
lstrlenW
ResetEvent
HeapAlloc
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA

user32

wsprintfA
GetWindowRect
GetWindowLongA
AnyPopup
CharLowerA
wsprintfW

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegCreateKeyA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ