06d401c67e0805113252f25ecf0a1199_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06d401c67e0805113252f25ecf0a1199_JaffaCakes118
Size

105KB
MD5

06d401c67e0805113252f25ecf0a1199
SHA1

3a116c57f77d34affe0f232c6ef27649f2087b85
SHA256

58294d2fa255ecceb9e3b26462bd7b9516ea3cbc29ade44be5599464cdb7a2c4
SHA512

e8c8c3f8f6f2409877bd6af0a78599ae5bd1637e796bfe19e47f87e69f526d191515036b3ceebc12ee804d2339ae0abd4e0336fea7353b6ba0b69b65dea8f280
SSDEEP

3072:EYQsb6UqDKSoNUip68Uqyd0oDhVtQJKyB0H22lq0npmQ:EYQsb6pGRWCoDRQJpB0W2Fm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06d401c67e0805113252f25ecf0a1199_JaffaCakes118

Files

06d401c67e0805113252f25ecf0a1199_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

1afc8e98c9d5c85f36fa1212ad61ad12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

user32

GetDC

gdi32

GetSystemPaletteEntries

ole32

CoTaskMemFree

advapi32

RegOpenKeyA

shlwapi

SHDeleteKeyA

msdmo

DMORegister

Exports

Exports

CreateInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 100KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE