5db6cf7c3d68d5275e0a9f341d5bf5e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5db6cf7c3d68d5275e0a9f341d5bf5e6_JaffaCakes118
Size

89KB
MD5

5db6cf7c3d68d5275e0a9f341d5bf5e6
SHA1

b2b81bc5b8ca93cb05f2fd67e6f545fd6190678a
SHA256

82635e916f5e8b4620eb7f2d2a57f7dbe942d8b848191182d76e4f357fe418c6
SHA512

6739e4ad860993a6d27f46401666ab489d80ab26e0b189a6d8e3a66dad5ee960965a6f4e046af8d6a497f914777825249b09a3089dda3a96ace06cb33184c684
SSDEEP

1536:S4lN99G71Xs45qTw4GrHDsZy/+V5DuPedeXKuNXjQFxwF:T27J5AZiDn/kQG89Xj8xwF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5db6cf7c3d68d5275e0a9f341d5bf5e6_JaffaCakes118

Files

5db6cf7c3d68d5275e0a9f341d5bf5e6_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

5a5a20c461128919ba1fe01940034d4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

user32

CharNextW

advapi32

RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
ITUseDefaultObjectLookupOrder
WMCreateStreamForURL

Sections

.MPRESS1
Size: 83KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE