007ec3f5880dce8afcf7c4fc5ce0b98d_JaffaCakes118 | Triage

Sharing

General

Target

007ec3f5880dce8afcf7c4fc5ce0b98d_JaffaCakes118
Size

70KB
MD5

007ec3f5880dce8afcf7c4fc5ce0b98d
SHA1

19ea59d47652a7e55315c23ef702fae111da700f
SHA256

3921eac161434b3f40b57a6b7a1f63a5dbd4443b0a80a976ebc93f742dd99fc0
SHA512

86dbdcf4a49a57bca1697c18ab1d1772fd300b963a2db0d26f848ff45cccc43591f892c915c84d44cd7fb1a7d2d0e1b702164fb77a37f842931f9b60c33e9295
SSDEEP

1536:7Fedc75zdTT1HOGNnJNtN8BEuXjtPOHebeIB+c8l9bY2sRaC7lPyz:7Fe+75zB1HdnL/8BEcjtWtW+csh0lPe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
007ec3f5880dce8afcf7c4fc5ce0b98d_JaffaCakes118

Files

007ec3f5880dce8afcf7c4fc5ce0b98d_JaffaCakes118
.dll regsvr32 windows:10 windows x86 arch:x86

6d945c712a19ea3ffdb0bcf033e058ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

NtClose

ole32

CoTaskMemFree

oleaut32

SafeArrayGetDim

user32

CharNextW

advapi32

RegCloseKey

shell32

SHGetFileInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 64KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE