67258e9c636e8ae19e321d8bb838eb2e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67258e9c636e8ae19e321d8bb838eb2e_JaffaCakes118
Size

37KB
MD5

67258e9c636e8ae19e321d8bb838eb2e
SHA1

76f26d4c52dc7ee6467d44e85b5d15009b5c08d1
SHA256

5da8d8863f1d480f3fbb5fc409cac892119c5cb7535880fc7a69ef6a68ccd184
SHA512

92577e63baff31e19dc47cd924438e5ca8a9e6069846174a6d8aca59e5d4203a14b7e0872850eb595f68b6b2760fdc7ad807d89989dbf6335bbaff3769f443f0
SSDEEP

768:zm03WWeTG7aNllzVgzyBc+Oz95GW+GX5UtgohHA8pFpfxdw7DC:zbghlzsyB3OzPGWL8hgaFtr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67258e9c636e8ae19e321d8bb838eb2e_JaffaCakes118

Files

67258e9c636e8ae19e321d8bb838eb2e_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

0bef564164f586795aba3af275babab4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

RtlUnwind

advapi32

RegCloseKey

ole32

CoTaskMemFree

oleaut32

VariantInit

shell32

SHGetFileInfoW

shlwapi

ord487

user32

CharNextW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
MigrateSettingsW

Sections

.MPRESS1
Size: 31KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE