0ae308a226f445b15b4edf39fabd2dc5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ae308a226f445b15b4edf39fabd2dc5_JaffaCakes118
Size

383KB
MD5

0ae308a226f445b15b4edf39fabd2dc5
SHA1

da14e03d2658951e502c2e68212bab1549f9cad1
SHA256

ddce4eb5e5c61064a1fef1c23ee06cceb87fc7189318e65817472f43d8daecbc
SHA512

d8e221d5558153d1daa72b1d0ff31ae65575249b7623205063b96d9293b08f9b745834cd07d74fa4322286e389707643767f60adf52df62c623f364d9f039777
SSDEEP

6144:ay3tNkI+fCf6dTNgAHrpWitqxfw6O2tigetUHEqnrZPMULvicOcyxjTRpceKK99D:RUI866lNgAHrQ4t6O2tigeCpl5vJOcwd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ae308a226f445b15b4edf39fabd2dc5_JaffaCakes118

Files

0ae308a226f445b15b4edf39fabd2dc5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a01aada07e1345c57ca946351da9b9d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

IsEqualGUID

comctl32

_TrackMouseEvent

urlmon

URLDownloadToFileA

wininet

InternetSetOptionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 369KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE