3587356f801d28014a50533ecfc798e0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3587356f801d28014a50533ecfc798e0_JaffaCakes118
Size

211KB
MD5

3587356f801d28014a50533ecfc798e0
SHA1

dec78e07f7e65cab86bb9dc36adbe46c4836e0f5
SHA256

baa2dd3750c737a3cc53748301ea2cb4b03296cc576bbad2c3563e95a2b12d9e
SHA512

5b12557d02fcde4afb267939feee912b34f5944fb9639560bbb833931c54da00941dc320a45d03a3a8d3dbfced8b1160b0437e71e6e6635d398c028e7e1f8adf
SSDEEP

6144:NUEzIEZRclMth/nNW9uADryGs0pPpkfE6nODeo3:NRIEZmgHW9zpJ6geo3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3587356f801d28014a50533ecfc798e0_JaffaCakes118

Files

3587356f801d28014a50533ecfc798e0_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

c1d482482b22e81009a4a11b138b578b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

atol

gdi32

BitBlt

user32

GetDC

advapi32

RegCloseKey

ole32

CoInitialize

oleaut32

VarI4FromStr

version

VerQueryValueW

crypt32

CryptProtectData

psapi

GetModuleInformation

winmm

timeGetTime

ntdll

RtlNtStatusToDosError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 204KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE