f3b003e8a8f74e60741274182d989792_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3b003e8a8f74e60741274182d989792_JaffaCakes118
Size

19KB
MD5

f3b003e8a8f74e60741274182d989792
SHA1

48d1fd5d824187f5ea5693d5f5c14c3a7bc43421
SHA256

7588140f04a197d915fcd1d529af33db2730dee9d92b16bf23f948ed835ce773
SHA512

d8c52319a4758874466638de031d374538e6b38d3121591211c080b199c20b8bfd95fcb65f4bf751f8faada0b92107b97320db6354075e1e019bea8b901359c9
SSDEEP

192:vHlTLZuq2z5KZcwXY9F81WLqwF8j1yqTHjNOU7mU9+hMjTc8+OScKFOcjI946/+h:9TTdKi9eS/msQgM0q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3b003e8a8f74e60741274182d989792_JaffaCakes118

Files

f3b003e8a8f74e60741274182d989792_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

958abcb4cadddcc0645930826b2a018d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GetVersionExA
SetEvent
CloseHandle
WaitForSingleObject
ExitThread
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
lstrcpyA
GetSystemDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA
lstrcatA

user32

wsprintfA
wsprintfW
CharLowerA
PeekMessageA

advapi32

RegCreateKeyA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ