0e76132a4aa157ed25f1a8c850aafd13_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e76132a4aa157ed25f1a8c850aafd13_JaffaCakes118
Size

415KB
MD5

0e76132a4aa157ed25f1a8c850aafd13
SHA1

11c6edfedda2e86e11339569ff729229592b5318
SHA256

ca01d17b92a2317698b376d7009db8191b144a68cd90438fb33e2d66f60c0519
SHA512

388aae1cce2bad35947b76af95c54a42da4323315715171e14e77fcdb12507ec2f65164d21ad0cd985e1dd90c49bef89bb8de82373cee9c3484138840e9b0530
SSDEEP

12288:atYPWVepbQU/B2TfCAM0YJqnYU/ypFGaf7YTuMIgR:EYqCbQZOt0AZgWFGEiYg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e76132a4aa157ed25f1a8c850aafd13_JaffaCakes118

Files

0e76132a4aa157ed25f1a8c850aafd13_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b01bcaf7e9b1483ee617b6239d02ee79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

IsEqualGUID

comctl32

_TrackMouseEvent

wininet

InternetSetOptionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 406KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE