895672f0dcc57e414732f42baa8c906d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

895672f0dcc57e414732f42baa8c906d_JaffaCakes118
Size

13KB
MD5

895672f0dcc57e414732f42baa8c906d
SHA1

862f7bad73c62d9447b65219ab6d2a68dae16193
SHA256

0462498543ceef54fdc7a6a8158d9b0a06f5d46d11ad7fcc762e15d39c2e161b
SHA512

acecc8cfe454c0fb403145d6924d65c512cc5941854a54ddbc7b9297d1c5f3d086ccdc3e8b72e18e1b480e6f73369feb127d3f21d1f8786bf2db4d5e18a986e8
SSDEEP

384:/+HOfFIajSgnuTv2vLoG7zmP6I7bZn3UYpxWCxV2W:mHO9IPgNzmCIPZnEo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
895672f0dcc57e414732f42baa8c906d_JaffaCakes118

Files

895672f0dcc57e414732f42baa8c906d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f9c01a488102407c71dc5e648961669c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

NtClose

advapi32

StopTraceW

ole32

CLSIDFromString

oleaut32

SafeArrayCreateVector

framedyn

??0CHString@@QAE@XZ

pdh

PdhPlaGetInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE