16e8d05ecedfb268e678552ab6b09db9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16e8d05ecedfb268e678552ab6b09db9_JaffaCakes118
Size

101KB
MD5

16e8d05ecedfb268e678552ab6b09db9
SHA1

f2c756b5fe73f45a5a7fcf798785dd05c8c33040
SHA256

a5bc559222a17b9ecf5c72c61d8ef47b8be68e1db77aa0117f7a4535f256b95c
SHA512

4dff3269365d5a960f06202b0430cc09c3e34ce06160fa6580a934d51fd13ccac6228d1fc0a13581c48874c8600bd51329981be0ee369a7b3b2bdfc287fdaa51
SSDEEP

1536:cDXsNZoKnYHAQANtd6WTsCsrXUyUY9mCDQ5vrjRD03rUAoL1QH6Rh1k:HngA/AWToammZ3xrKae

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16e8d05ecedfb268e678552ab6b09db9_JaffaCakes118

Files

16e8d05ecedfb268e678552ab6b09db9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1f839d196565a345c5fbd5f07d2791ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
FindFirstVolumeW
GetProcAddress
SetFileApisToANSI

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInit
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ