50b85bd2e717636185191f150cec3919_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50b85bd2e717636185191f150cec3919_JaffaCakes118
Size

73KB
MD5

50b85bd2e717636185191f150cec3919
SHA1

db4439eab16d80d5993b206899a68850ddbf0949
SHA256

7ee5bfeccf036116e646ea62e182e6150b41fd396324a9b886a4947dd1203bf6
SHA512

8cc4f7ff25fea75441c6312304cf32c5ea0d7d93ba7f3ac2fa686fc95ac746b0bf39a5bd042603ab05c801fa0667a97344a9cd021c0ae8cc51e3350f3c13a4e6
SSDEEP

1536:SnLOWoS0Fkx7AfUXKMpCJH1ppXdDZ6XpNGP+6i5JktEwNfQyFvCA2a:cOWoSOdfyxpCB1XFM5IPY5QeA2a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50b85bd2e717636185191f150cec3919_JaffaCakes118

Files

50b85bd2e717636185191f150cec3919_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

e6f3f213180e6540afdb9e1a7a1a5c40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

NtClose

advapi32

GetAce

user32

CloseDesktop

rpcrt4

I_RpcBindingInqLocalClientPID

Exports

Exports

CreateHardwareEventMoniker
DllInstall
DllRegisterServer
DllUnregisterServer
HardwareDetectionServiceMain
ThemeServiceMain

Sections

.MPRESS1
Size: 67KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE