01cec17a9089317c35806da01215cfa3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01cec17a9089317c35806da01215cfa3_JaffaCakes118
Size

44KB
MD5

01cec17a9089317c35806da01215cfa3
SHA1

99c5adc546af8bfe7c96e974724db8b50b2856c0
SHA256

2af0297a54c1750c056f573f2689befcbcfcb2be1a871052684a21dc8d55167f
SHA512

75f06063ebebc8e9423b3dd3a6a13a449aa9e5e43c5f570d7e5c6be5121f59b23c6800bb2158c9ff159c86d0957dc8e000e921fb72b830992ef555b30f0f3cbb
SSDEEP

768:DmvDUTsH1abvfRw2YmuYnGE0oDqj+ZrpGSGXnTwZ7DNIu:DmvDUTsHcrJwu5nHr/cnTwDIu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01cec17a9089317c35806da01215cfa3_JaffaCakes118

Files

01cec17a9089317c35806da01215cfa3_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

a30f0c89fd4b7bf617900e6d6fd020ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

NtClose

user32

CharNextW

advapi32

RegCloseKey

ole32

CoTaskMemFree

oleaut32

LoadTypeLi

shell32

SHGetFileInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 39KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE