14dd7d99f580cd2b40634903523dfa08_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14dd7d99f580cd2b40634903523dfa08_JaffaCakes118
Size

10KB
MD5

14dd7d99f580cd2b40634903523dfa08
SHA1

520159b7835ecc3aaca1c0ac68eaae08dfcffe87
SHA256

7f6945299aff3388add621976053962dd04ba7cc2f448affe65e96bc5f496e0d
SHA512

67b3c9ef9f75dc25240b305a0b83419ec631a77357c30304fc1cfe5848bc761740844fa12568834734a8a6aa1eb867f33be347c64e36c61304c4082800bf794c
SSDEEP

192:3FkrQYEhigc49ID3RgHYE+j1n9nq+Aic:3vid49AgHajd9X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14dd7d99f580cd2b40634903523dfa08_JaffaCakes118

Files

14dd7d99f580cd2b40634903523dfa08_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cb9fc98a5d2b1a840fee1a63188f5164

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHDeleteKeyW
SHGetValueW

msvcrt

??3@YAXPAX@Z
wcscpy
??2@YAPAXI@Z
srand
free
_initterm
malloc
_adjust_fdiv
rand
wcsstr
wcslen
memcmp
wcscat
??1type_info@@UAE@XZ

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ