09920e9ef3f7d62789b40bc194219109_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09920e9ef3f7d62789b40bc194219109_JaffaCakes118
Size

232KB
MD5

09920e9ef3f7d62789b40bc194219109
SHA1

b75ebfc11db290dd2daf37a5718990273ba247ad
SHA256

09660f589e66010257681d3df2366c5b0234778afe76e4d0467b6f74e867d59a
SHA512

cd1babd673c9c014ecdf6a5c15dd79c5f6a4d4da3a075677634a3c127a749651303ae17b48202dd7495bef7753c831991754d4be11f310fa724765920da61f45
SSDEEP

6144:eStGqlSaLaACp8JXfR2MfSoOWM6SDFpjJFVo16iRV+mB4d:eSoaLah8B4os6aVooiRV+mWd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09920e9ef3f7d62789b40bc194219109_JaffaCakes118

Files

09920e9ef3f7d62789b40bc194219109_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c6bd88a180f3b09c51f12ef30478ab04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

IsEqualGUID

urlmon

URLDownloadToFileA

shell32

ShellExecuteA

netapi32

Netbios

comctl32

ImageList_SetIconSize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 211KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE