fe3a341abd87bee03cfd10ed0abdf7a5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe3a341abd87bee03cfd10ed0abdf7a5_JaffaCakes118
Size

325KB
MD5

fe3a341abd87bee03cfd10ed0abdf7a5
SHA1

b0a500f841cc1c0e8e2fc48732390fc9486ab7f3
SHA256

3937e1a818e42cef7e8ef4697f290c945485cd06017ebb14a51101a1f5168964
SHA512

603eeb01534d3b16b760bbd158ddd009b22bbea3f86c232065d45210d6ad73f8780196e6739a266e523b30a5fd55496a6de2a4803e276ddab899f8d117052074
SSDEEP

6144:yYFxGa6+jTluQDJVoHIZ0z7PW0uet1hjdweUt7DTxzP9:yUj93VGHcey4DdY1z9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe3a341abd87bee03cfd10ed0abdf7a5_JaffaCakes118

Files

fe3a341abd87bee03cfd10ed0abdf7a5_JaffaCakes118
.dll regsvr32 windows:6 windows x64 arch:x64

b211bec2627ea9b5322d60ef3ed97e1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadPriority
TlsGetValue
WaitForSingleObject
GetCurrentThread
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
GetSystemTime

Exports

Exports

DllRegisterServer
DllUnregisterServer
StartW
StopW

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ