3d0fec626ce0b6420bff6b86b1746be0_JaffaCakes118 | Triage

Sharing

General

Target

3d0fec626ce0b6420bff6b86b1746be0_JaffaCakes118
Size

53KB
MD5

3d0fec626ce0b6420bff6b86b1746be0
SHA1

85b1e0fa79d1121790f60c7204b40fc73c783f27
SHA256

b5eb54ee4f0bb02319ded1de59481ddcbf4a876a993432ea01b3551444dc87c8
SHA512

37e1c6056863fa9b110f49b0a8d7906a37dbf6bbc8b31994a8f2bfada4843f82aaa24787c06a48a5ab2ccda26190560e550d979c675308e51ac4ab444d8bdc8e
SSDEEP

1536:m2ljWtN0P1z4UAzvJeUFhKIfZwTybMnLIaxGRYahi2:mWWtN0P9AzwUFhKLTybMnkaQRRX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d0fec626ce0b6420bff6b86b1746be0_JaffaCakes118

Files

3d0fec626ce0b6420bff6b86b1746be0_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

9bb67d7575acfae4b138944714ef8d40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

user32

GetDC

advapi32

EqualSid

gdi32

BitBlt

ole32

CoInitialize

oleaut32

SysFreeString

comctl32

ord17

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 46KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE