f635ec18b6943898866a418b3a5d24e7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f635ec18b6943898866a418b3a5d24e7_JaffaCakes118
Size

24KB
MD5

f635ec18b6943898866a418b3a5d24e7
SHA1

e3b3304107f7a11700f6b02320021d25a9af1998
SHA256

2d59c45f1198de2790033bcca06dee3065de66e154423f513782a4dfc1d370e5
SHA512

557578a1553e35f6a416092a6040b6c6f420450a2ce8b6bdde52a8f1ad8eaa5568dbcbf43510b99a9c5a82e691a35b97d1cd8ca7b2654d940aa9629f8dc2bc09
SSDEEP

192:W9ukVu6XL0plYpjfk8sScKFn3uGiGaI8Nm/ROwQTYO:rx7pYOK53iGaIKWROtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f635ec18b6943898866a418b3a5d24e7_JaffaCakes118

Files

f635ec18b6943898866a418b3a5d24e7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ac9e42fc1e6512eb8b462ae45adece61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
GetVersionExA
lstrlenW
lstrlenA
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
RtlUnwind
lstrcmpA
CompareStringW
GetModuleFileNameA

user32

GetTopWindow
ShowWindowAsync
CharLowerA
wsprintfW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ