05ca1cd8a1075886bcfb638aeeb1017b_JaffaCakes118 | Triage

Sharing

General

Target

05ca1cd8a1075886bcfb638aeeb1017b_JaffaCakes118
Size

14KB
MD5

05ca1cd8a1075886bcfb638aeeb1017b
SHA1

8751636435836f48607f857451f079379edf9a05
SHA256

45ad768f3c73bda6b52b362dca13e9ca1e24171bde1d9d6abfe8aae38b97096d
SHA512

9d1e977fc79254fa074ae996319fad3d3a49ee9efe925d86cee070cc0c8573afae1266466786d8394bb5cb6098e499781497b1577ab2e25a96806a6352d475b2
SSDEEP

192:P8CLBz27KvvemFFFXKePvJjNmJ6I4SFkBOkNusFZkSS1Ky+nwKHPXWsJe//RLwmy:Dz53RI4fFZKKypY9aRTtWUD2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05ca1cd8a1075886bcfb638aeeb1017b_JaffaCakes118

Files

05ca1cd8a1075886bcfb638aeeb1017b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

265a14990eaa4285f48e5aae98598910

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrlenA
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetModuleFileNameA
lstrcmpA
CompareStringW
SetFileAttributesW
RtlUnwind
SetFileAttributesA

user32

wsprintfW
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ