998ad229d0ba63256d7c534c9327b043_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

998ad229d0ba63256d7c534c9327b043_JaffaCakes118
Size

33KB
MD5

998ad229d0ba63256d7c534c9327b043
SHA1

07208f25e9a302283465bada857204393bcffc0c
SHA256

8c06d305fdfbb7b52d3544cf97cf685b7575913c91389efc77a46f7a4cd01b44
SHA512

e7600a74932d320d19bb8722c448cdf7836eaf59258093fc63ceaf4486859466906deccbd920cdc4f3749683d148740451b7010106436e518ec6c54a346c7afb
SSDEEP

768:ssY8Fw7TrWP1zpBg/fRwAjJbBQNpF6khRkmw7De:sr8Fw7TSP1GfxjJcpFT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
998ad229d0ba63256d7c534c9327b043_JaffaCakes118

Files

998ad229d0ba63256d7c534c9327b043_JaffaCakes118
.dll windows:5 windows x86 arch:x86

35ea46f077964817978698f6cac7bd9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

user32

LoadStringW

ole32

CoInitialize

oleaut32

VARIANT_UserFree

rpcrt4

NdrOleFree

shell32

SHGetFolderPathW

shlwapi

StrStrIW

ntdll

memset

advapi32

RegFlushKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
HideIcons
Reinstall
ShowIcons

Sections

.MPRESS1
Size: 27KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE