08f0067c80e85671c45a10725d48c368_JaffaCakes118 | Triage

Sharing

General

Target

08f0067c80e85671c45a10725d48c368_JaffaCakes118
Size

32KB
MD5

08f0067c80e85671c45a10725d48c368
SHA1

5beca5e63dadc76196333e771843a0957c39675e
SHA256

6d75ad45f5650abc057fdc72ff530c736e51c852d2faacab098d98acd77e5994
SHA512

aeaa027245cfa8c633b735f95f0c0134e3c1fd9845e85118a19b64f53dca876cc05a367fc892cee23725184d81192c84e1af17d6d04b7bb291467d5aab73ec04
SSDEEP

768:oPy7k+Uga8KdFqWcGe9MF74qDJ7+JHbK+yJTQX7DQsIX:F7J1S8FG7us+woIX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08f0067c80e85671c45a10725d48c368_JaffaCakes118

Files

08f0067c80e85671c45a10725d48c368_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

e9496645f863d0655e9b55533aee3ac3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

RtlIpv4AddressToStringW

advapi32

RegCloseKey

ws2_32

bind

user32

CharNextW

ole32

CoTaskMemFree

oleaut32

UnRegisterTypeLi

iphlpapi

IcmpSendEcho

winhttp

WinHttpOpen

dnsapi

DnsFree

Exports

Exports

DetectNAT
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 24KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE