0ecab0a99045f0350a47c272f3c7e55f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ecab0a99045f0350a47c272f3c7e55f_JaffaCakes118
Size

59KB
MD5

0ecab0a99045f0350a47c272f3c7e55f
SHA1

bc76d488bb6995a2f36452c0b4c1829a8ab0b689
SHA256

b0374245f1772d202190982d90113cab6ec954d134564d71e83cb954919fb6fb
SHA512

97698a0bc909113829a75e68dbef93e49219e729265b811d9666f36710f379af1f08821f3a7806fffd3bf714c8839ddbcf54d4f9b2d27c33bc27d41fb14e9f70
SSDEEP

768:z9mW70bm82PH3JPMBHBT9ThxPKfn5u289qX9QG6DhvN6d6q2hjNoTBJvoNDUayWk:YWwbsH3J2hiQU9gigh5oTTQUay71

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ecab0a99045f0350a47c272f3c7e55f_JaffaCakes118

Files

0ecab0a99045f0350a47c272f3c7e55f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0a524946903d39ef7ffef422d4167ad7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetSysColorBrush

urlmon

URLDownloadToCacheFileA

advapi32

CryptAcquireContextA

shell32

SHGetSpecialFolderPathA

wininet

InternetCrackUrlA

ole32

StringFromGUID2

oleaut32

SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 53KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE