928d937a002f0fda15087b9963bfb31b_JaffaCakes118 | Triage

Sharing

General

Target

928d937a002f0fda15087b9963bfb31b_JaffaCakes118
Size

56KB
MD5

928d937a002f0fda15087b9963bfb31b
SHA1

b8f3fb94533f8e2ee33566dc36561cb3dbaa11e6
SHA256

66ad5c01e4837c6616362398e121e6b6f7b5bcbfaeb8eaead8bf195a7bae9eae
SHA512

2258103d0985226631cc093cdc74b31b1c90c4072d56498432ab4b2b696f705994ac69d53d7a34d55588cbd541506c14c728bf4e20d275d2803d29963346a4a4
SSDEEP

1536:WSraRApM9DPtkxjHAoRnHcncSILxr3glTFdUIyM:Z2RApoDAD5RnIFqbgtF6IL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
928d937a002f0fda15087b9963bfb31b_JaffaCakes118

Files

928d937a002f0fda15087b9963bfb31b_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

ccaf25b739a0aadbcc443d5d45f09d02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

RtlUnwind

advapi32

RegCloseKey

user32

CharNextA

ole32

CoTaskMemFree

oleaut32

SysAllocString

shlwapi

SHDeleteKeyW

shell32

SHGetFileInfoA

ws2_32

WSAGetLastError

iphlpapi

GetIpAddrTable

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 50KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE