0c195c386c66d026429a5cb04c9959c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c195c386c66d026429a5cb04c9959c4_JaffaCakes118
Size

8KB
MD5

0c195c386c66d026429a5cb04c9959c4
SHA1

f0a57809ead11084efc1c8cd6fb51e2741d77d3f
SHA256

824d4db0a215dfc43aa113056aab6fa494f019bf80dd471f9bfb381bfdad8bab
SHA512

1ae34e0877b6243355370f294ad5c545a1ef49895a3ba3c14dc8be21ae772fa5d3654ed6c067a745098fd87db850e243d6211ca2041d4fe0d1a051a1e2173b39
SSDEEP

192:9N3+7khM7GmEWt9b6OgJB2c3DsPKgJ7+itK7Az:v+mQgOgBoJ7+8K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c195c386c66d026429a5cb04c9959c4_JaffaCakes118

Files

0c195c386c66d026429a5cb04c9959c4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6ecc0a039ac7718508f456dff0caba0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
GetLastError
GetModuleHandleA
VirtualAlloc
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
HeapFree
ExitProcess
VirtualFree
Sleep

ntdll

NtQuerySymbolicLinkObject
memmove
NtDeviceIoControlFile
memset
RtlInitUnicodeString
_allshl
NtCreateFile
NtQueryVolumeInformationFile
NtClose
_vsnprintf
NtOpenSymbolicLinkObject

wininet

HttpSendRequestA
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

advapi32

RegQueryValueExA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ