0c0eacf351db0400fb918e18643d4da2_JaffaCakes118 | Triage

Sharing

General

Target

0c0eacf351db0400fb918e18643d4da2_JaffaCakes118
Size

6KB
MD5

0c0eacf351db0400fb918e18643d4da2
SHA1

6c5060e5c083b4fbf94bba13fb6ec80aeee3a9f2
SHA256

5a585d425ab5384ab0ea1a5e24586ed51ac168a440c5cf5bea08f9e7e0f65f79
SHA512

29505f0ea06fbbe07b5ea2c9751ffd5bfdec501d8fdb397b7e5b3e278d038ac2dc640491cee209b4b5927ea74f7f730b82318c1e2f2d6cb710e702b66d6b7b50
SSDEEP

96:L1v6SKAS51HSkxiiMFFatck75XahJbJMvEYEm3qanntcfnp3f:LZWRxi/Mtc8ahJWVRtYpP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c0eacf351db0400fb918e18643d4da2_JaffaCakes118

Files

0c0eacf351db0400fb918e18643d4da2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

422877cbb8e6b1935d152457538edd51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

wsprintfA

advapi32

RegCloseKey

shell32

SHGetMalloc

ole32

CoInitialize

version

VerQueryValueA

Exports

Exports

DoService
IsAdmin
ShellLink
g

Sections

.MPRESS1
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE