b2460ad4a932d8e115d4a4e8a36eb9f0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b2460ad4a932d8e115d4a4e8a36eb9f0_JaffaCakes118
Size

23KB
MD5

b2460ad4a932d8e115d4a4e8a36eb9f0
SHA1

e185486dfda65ad3dff5c717ef08528196f27213
SHA256

d23a3dbe93ce48bbbb762a04d614a7266654737be53c8e8c59039f444ea32318
SHA512

5e81bd34c8a76da84e245cccd659fd4206f4432642f7086ed1b8df621f63070f3271fecb10fb7dbd81b648b037d6c735d60365c07cffd9c659327cd624ecacc4
SSDEEP

384:00ZkaWtAI6KOwKg7iqp8QiKbYnm8lnws0cXyZpCBITkPprAxUB7vvxlLA40WWCJU:00Zc6zwKg7L82b4fmc6PoBrAy7DdJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2460ad4a932d8e115d4a4e8a36eb9f0_JaffaCakes118

Files

b2460ad4a932d8e115d4a4e8a36eb9f0_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

3387707e75dfac43ed7eb712ba5c7da8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

atl

ord15

regapi

RegPdQueryW

winsta

WinStationEnumerateW

user32

LoadStringW

oleaut32

SysFreeString

ole32

CoTaskMemFree

advapi32

FreeSid

shlwapi

SHDeleteKeyW

utildll

SetupAsyncCdConfig

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp
IID_ISettingsComp
IID_ISettingsComp2

Sections

.MPRESS1
Size: 17KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE