fb1e0448884277d57c0a19157a5e282c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb1e0448884277d57c0a19157a5e282c_JaffaCakes118
Size

31KB
MD5

fb1e0448884277d57c0a19157a5e282c
SHA1

cdb259c79209513fd74e73d951d53534af6d75ae
SHA256

b656970b413cf2356c0c015de40bb39e3881e42ba8c2d06f805368712ef09700
SHA512

05295cb9f4687a92c722cb61f7277007f020278b0081052897d3161c10df38b9d4885cfec5ab83deb3d3d45a686f8ae53ce3a79626d10efffbef15265812be67
SSDEEP

768:f0iTDYZMzaAtVSJIcyR9h3/P0FaFNs3qU:fHDGfUMecyR99/FNF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb1e0448884277d57c0a19157a5e282c_JaffaCakes118

Files

fb1e0448884277d57c0a19157a5e282c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5d663cb1d150b933959d5f91c01364df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

MessageBoxW

advapi32

RegDeleteKeyA

ole32

CoTaskMemAlloc

oleaut32

VariantClear

msvcrt

strrchr

wininet

InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 21KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE