735ff889145c5069e63b40509b3b0bdd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

735ff889145c5069e63b40509b3b0bdd_JaffaCakes118
Size

129KB
MD5

735ff889145c5069e63b40509b3b0bdd
SHA1

3a66b8fd6b26d0cc55d0aee94a3f3473754a1be8
SHA256

4b2ebf9a2853ba32c5a2406ed17304c138be66656a41aee0bf157a37ede39b8c
SHA512

b328eeec5ac46769c153af30665e2649f17af25584a14613e6902779723c4caa6521d905f6f836d2dd07580f7f6b730d4c4484a2e11c35e74e43d14b94ade67d
SSDEEP

3072:5tfdy7q/s0T7zs8uNxO2r/aZ+fuzQCpERIa7T:Y7c3zsxZi8gTEl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
735ff889145c5069e63b40509b3b0bdd_JaffaCakes118

Files

735ff889145c5069e63b40509b3b0bdd_JaffaCakes118
.dll regsvr32 windows:10 windows x86 arch:x86

4800e518852f631e485d4555dc03fb10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

oleaut32

SysFreeString

ole32

CoTaskMemFree

advapi32

RegCloseKey

user32

CharNextW

shlwapi

ord12

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FreeDumpStreams
GetDumpStreams

Sections

.MPRESS1
Size: 124KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE