6969367b18a6e690057598d9f7aa6138_JaffaCakes118 | Triage

Sharing

General

Target

6969367b18a6e690057598d9f7aa6138_JaffaCakes118
Size

54KB
MD5

6969367b18a6e690057598d9f7aa6138
SHA1

6e9f28cfb0759e7a923eeda06836458ddc71bd4e
SHA256

0026bbf5bbf93d161bdc03b584ab20b2d16a2f84a003b89a0558961c1a296108
SHA512

990e3b26293cace79050fc98391434b1f9d41d20f00e8a9df979c5f4f4639dd46f5b21593973f27563a8650615e2ee5ad1a5f2baae67a159e51eb4d22e956013
SSDEEP

768:2I0SNlaD8AumlnTfh7MBphEpiC8QP/mttkhatw0Pt8UH6hlSbtk/2jzw2IRz8nUq:1SD8wDh7MBphf2cE0PHa/JxVC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6969367b18a6e690057598d9f7aa6138_JaffaCakes118

Files

6969367b18a6e690057598d9f7aa6138_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

381714d1370441a785f9ee4273c77e7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

gdi32

CreateDIBitmap

user32

GetDC

advapi32

RegOpenKeyW

shlwapi

ord199

shell32

ord16

ole32

CoTaskMemFree

oleaut32

SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 48KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE