816e97b8ad62f096c6c02ae899ef97db_JaffaCakes118 | Triage

Sharing

General

Target

816e97b8ad62f096c6c02ae899ef97db_JaffaCakes118
Size

83KB
MD5

816e97b8ad62f096c6c02ae899ef97db
SHA1

3fa7e92c999e6b575fe9b48c220a8d3b7d1a95c7
SHA256

6a15746ec8c07fcc5f10e6cc85049b44be07824bd6c66aeb45994d3274c7fa25
SHA512

5d1ae06c4489c0022a32809d2dd8d53ef374d96c08a244673f86586f95f662363b7912784c40e4e0d4c3e0beec6a938b847212d528501916d4bf19b790804b3a
SSDEEP

1536:c+YK6Q5CXMFR+W45mc8M+kGsIhMMa7Yc4Givd1HiTpq:KY5C8W3cFhNCWcpq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
816e97b8ad62f096c6c02ae899ef97db_JaffaCakes118

Files

816e97b8ad62f096c6c02ae899ef97db_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

cbe2c162775bcd31a0f376d2df15a501

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

query

BindIFilterFromStorage

advapi32

RegCloseKey

ole32

CoGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 78KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE