8e5838f1da6ca4a080c0918927cc7361_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e5838f1da6ca4a080c0918927cc7361_JaffaCakes118
Size

65KB
MD5

8e5838f1da6ca4a080c0918927cc7361
SHA1

c08d6fcc70ca6f1958d8e5f03b4820aeae355d54
SHA256

fe5b757f3904f8a51e05eefc817a3e841e62a265e8f8c3802fae420c16f1b81a
SHA512

1e4560d2de0e48f2f41ccb1e0d3903c2fb639c9ac21fbe5feca20dfdfab32bf4e5d4c71f7874f56078c7cc2296709eaeaf9432599014a0e7501bb0f0f12154f3
SSDEEP

1536:yBtTMqOKOY79+8tlWTrmSIC5OdekNSYqo5glzW:lqNx5gAC7AiW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e5838f1da6ca4a080c0918927cc7361_JaffaCakes118

Files

8e5838f1da6ca4a080c0918927cc7361_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

b2ef0442aff087b81828d2a2a3fab570

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

GetObjectA

advapi32

RegOpenKeyA

ole32

CoCreateInstance

msctf

TF_CreateLangBarMgr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 60KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE