36d72469f421ba282424628b1429b5d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36d72469f421ba282424628b1429b5d8_JaffaCakes118
Size

37KB
MD5

36d72469f421ba282424628b1429b5d8
SHA1

9beb5c3ee79a386981de9bd68a87fdef1b4dd60d
SHA256

6266aa1c9338010e2d8bb588d0ad4740a958c4867ca26eec9294b74fd78cc66c
SHA512

053b6370c5c924608b74a4a0230956f3622896c909bac544df6c65e495c2796d65d446ab213333dc6220e5d1765bea15a85c1d30de78ae266494b53497f9e5b3
SSDEEP

768:8TbrFkBo+lgH9HQIuwKz5FGFO8gIeBU/J2nRb7DIvC:8THSCHZ/8FGwU/J2R8vC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36d72469f421ba282424628b1429b5d8_JaffaCakes118

Files

36d72469f421ba282424628b1429b5d8_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

97bf1b025efca70c7cc6a9a9455a660f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

gdi32

SaveDC

user32

GetDC

comdlg32

ChooseColorW

ole32

CoTaskMemFree

iertutil

ord9

shlwapi

ord29

advapi32

RegCloseKey

Exports

Exports

DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 26KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE