15ff4c756ef47a0a7347978a9a3655bf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15ff4c756ef47a0a7347978a9a3655bf_JaffaCakes118
Size

155KB
MD5

15ff4c756ef47a0a7347978a9a3655bf
SHA1

ad2d293a6927fa1fcb05647ca5ecbba619548cfd
SHA256

58ea215959f6a01d42ab37ba8a5c701c840d46049a52533939c4e7f635a66f4a
SHA512

155933f9bb4084786af83d5d4180bb1fb13413378a47ce9a3cb024ff34cfc437cf4ff52d0fcc59aa08a75996dd44f8feccf62ca8a5c302255671da6cad08a68e
SSDEEP

3072:5jOeOK7siSF18K6E2ZVcMMxOyRYao4uyElpAm4SZ6aDUuSo1K+fD:5p7sHiK6tZVcMpaozxQW62PnK+fD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15ff4c756ef47a0a7347978a9a3655bf_JaffaCakes118

Files

15ff4c756ef47a0a7347978a9a3655bf_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bc33e0d58c61198dfaa558558dad22f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

OpenProcessToken

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE