0c48f3f6ebd7568f2d8707b8b043f98c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c48f3f6ebd7568f2d8707b8b043f98c_JaffaCakes118
Size

67KB
MD5

0c48f3f6ebd7568f2d8707b8b043f98c
SHA1

1e695c7fae6e3aa0bccfdc17860b39cde44538d8
SHA256

9a8e70c2970b75432d375f6ea6fbc216dd85fd3e07204b218d67a8a72701a610
SHA512

1bc9caaf8bfe454b8ef43d612b284b3bc4a3abed0bd251a451098dd8976b1dc1c5009c190f619984ee62bdd123b1acbf0f1f2155429730abb977f59e6b1f1c97
SSDEEP

1536:kN++npTG0DyUZyk/ji1g6pzo/yUTyWWmR2hoRFTjSUFyi:h+n5G0DyKCZzKy0yWWmj/SYB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c48f3f6ebd7568f2d8707b8b043f98c_JaffaCakes118

Files

0c48f3f6ebd7568f2d8707b8b043f98c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

55927bf4d38d2b520ce7510859dcc740

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

RegQueryInfoKeyA

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 45KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE