6328011b17927c5c26f938e08aed5200_JaffaCakes118 | Triage

Sharing

General

Target

6328011b17927c5c26f938e08aed5200_JaffaCakes118
Size

28KB
MD5

6328011b17927c5c26f938e08aed5200
SHA1

d1ea0c5ef076751a4cd46a7d308cbe2232426208
SHA256

2be5aa1a9ddc6e987e71cb0ba2e1f1344c95198ac94a7263aba7efc867cb27bc
SHA512

73f421b97915ac343a5e0fed6619540fd31817c9beb4c54637b8978080af84d56256bfac75b4332fbdf85ef767f8fff9b8ae5e8c9fcbdd6be165628bbe9590e7
SSDEEP

768:gylOxeIspbXXoeeeAbc2+Dx/vgGBfypn+B4Ca7DmV:gyIxRmXoeeQzBfy8BHV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6328011b17927c5c26f938e08aed5200_JaffaCakes118

Files

6328011b17927c5c26f938e08aed5200_JaffaCakes118
.dll windows:6 windows x86 arch:x86

16f07c951a9a8af87bc8669ad4a59a68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcr100

free

ole32

CoGetMalloc

gdi32

DeleteDC

oleaut32

SysAllocStringLen

advapi32

TraceEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.MPRESS1
Size: 20KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE