88bc97f8b7a5c6dcc336a3beb0c3d4c6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

88bc97f8b7a5c6dcc336a3beb0c3d4c6_JaffaCakes118
Size

22KB
MD5

88bc97f8b7a5c6dcc336a3beb0c3d4c6
SHA1

dd66be37a3bb4a2bbfb61d7527f594e8d39b99d3
SHA256

ef3af22c1220214113b66cb572bf0aedb7a1f0d0d3b1ff6d0def909a398d5ccb
SHA512

ca2dde7e2865c7805d42961e6afcfb07b74ffdbe3814418245848b5ec5cd2f3e2c56958c67ca62a30efda6812a78fd69f0b30bfcd49aeafecb43a640d390b9ca
SSDEEP

384:keHfF2EnQ9aiVUt74AkpszobMJBJJmpQZ67vvxlLJWdIBWW:ke/F2ECaiVUaA9YOTEKZ67DKIB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88bc97f8b7a5c6dcc336a3beb0c3d4c6_JaffaCakes118

Files

88bc97f8b7a5c6dcc336a3beb0c3d4c6_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

08933d7404b19654ccb78ebf5aaa023a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

EtwTraceMessage

advapi32

RegCloseKey

shlwapi

SHDeleteKeyW

ole32

CoTaskMemFree

oleaut32

SysStringLen

wtsapi32

WTSQueryUserToken

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 17KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE