0df0c062e0f9bb44132c3793fe9850de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0df0c062e0f9bb44132c3793fe9850de_JaffaCakes118
Size

118KB
MD5

0df0c062e0f9bb44132c3793fe9850de
SHA1

8a9d8acbd7ab792729f15bf1074a3de8fbd31dff
SHA256

f6bab779c86b42214f7c0de6fee101236b7a9c6c2584ae5ae7a61e47660bdda3
SHA512

30e857556c78910321be446243897df676a1128b2429aff33e7ed57de1e87bb23dd583d7b7c24e1fafa460f765fefa19d9a3af87dea7db4c45afb79b1d515205
SSDEEP

3072:X7qZUqrwTbJwyRsktc4a4Pl4MbBFLWzYse8ehGz:X7qZ/wT9Cn49Pay65qhc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0df0c062e0f9bb44132c3793fe9850de_JaffaCakes118

Files

0df0c062e0f9bb44132c3793fe9850de_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

21392eb9068d8b1650380b647bb49bde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

RegQueryValueExA

shlwapi

StrRChrA

urlmon

URLDownloadToCacheFileA

rpcrt4

RpcStringFreeA

user32

EnumThreadWindows

oleaut32

VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE