4ed794f377b7840b3e579076ea2d722f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ed794f377b7840b3e579076ea2d722f_JaffaCakes118
Size

37KB
MD5

4ed794f377b7840b3e579076ea2d722f
SHA1

0245c37949355a03c8860c107a851c713e20f608
SHA256

35b5a073ec36d9607116873a291eaef21ed56daecfa9a7ea53c638b6030331f5
SHA512

dfb05348a5d01016e75afbdaee536126ce37b56914ddad0ab88a3705f265dcab1e4cef618807cba4117894adab6e4339f72c0c93b167664efc93c084cb80ea30
SSDEEP

768:sTZ7w+i6iqjUiQx5Ufep6ICC9h1LijkpfZ8pLi+WpyK7DF:syD6jIJpCC9/LZCe/B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ed794f377b7840b3e579076ea2d722f_JaffaCakes118

Files

4ed794f377b7840b3e579076ea2d722f_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

afc4d595b7df49aaecddb140a830785d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

advapi32

RegEnumKeyA

ole32

CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 32KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE