028c524c038346dc6d51fcdab0b7b084_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

028c524c038346dc6d51fcdab0b7b084_JaffaCakes118
Size

17KB
MD5

028c524c038346dc6d51fcdab0b7b084
SHA1

7d32e324948c8d1e9fe079b3194754fdc4afb779
SHA256

1c576d5b6dee488b6791856ba0f5e50a2f5eef83a427766db3b51878bb8d9584
SHA512

a2b6b8cb035e4c6540ff85033a10dd967478fcaaadbc817c4f69183761dd88aa2d5a57b31fd11a91b4f8ea1668c1e491adbb9a8f4162fb27d2b68d1edbc8e478
SSDEEP

384:wRFgdyTaCRHk+7hPvVwm5CVfhpFUnF8Nde:wHgwTHHl9PvefhpFUWr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
028c524c038346dc6d51fcdab0b7b084_JaffaCakes118

Files

028c524c038346dc6d51fcdab0b7b084_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

61390896856866d9252683e13e8e5503

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rpcrt4

UuidToStringA

ws2_32

htons

wininet

InternetCrackUrlA

shlwapi

SHDeleteKeyA

urlmon

ObtainUserAgentString

user32

IsWindowVisible

ole32

CoTaskMemFree

oleaut32

VariantClear

atl

ord23

msvcp60

??1Init@ios_base@std@@QAE@XZ

msvcrt

time

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.rdata
Size: 10KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE