0701e1adaf0a4c49c0baf705f93591bd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0701e1adaf0a4c49c0baf705f93591bd_JaffaCakes118
Size

12KB
MD5

0701e1adaf0a4c49c0baf705f93591bd
SHA1

1e51d3dc5536cddd6ba27ef1bbed60f41cca1c96
SHA256

7d7525ff26e7a3b0aac7a69e9f7df0e49ee8e5ba8cd321184cf5d7beede1877d
SHA512

0ce9fad7ccf507d9c7064cb87944b3d65174c076a1ec05b46361d9d0c6a96f67cb1c13aecd66df1f4aeb3dfedb07878b726f10d98657dd5ebc38037ffd5e12a8
SSDEEP

192:C1C0Li858WyEDPUTsfQESqKy+Cr6pkTje//RmJO:ICEi83UOKyBdTYR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0701e1adaf0a4c49c0baf705f93591bd_JaffaCakes118

Files

0701e1adaf0a4c49c0baf705f93591bd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9e66f6a045639702de3f1bb4950ba99f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
ReadFile
GetCommandLineA
WriteFile
CloseHandle
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CompareStringW
GetModuleHandleW
HeapAlloc
FindNextFileW

user32

wsprintfW
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ