1963b0ed9a63f3e5f9b5f84a9d7a64d0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1963b0ed9a63f3e5f9b5f84a9d7a64d0_JaffaCakes118
Size

102KB
MD5

1963b0ed9a63f3e5f9b5f84a9d7a64d0
SHA1

8e93de33bb428f8ecc3cc585f8624965ddbff1ba
SHA256

4f4119592035bea210826537056a69e81c055072a7d4ce8e255ece53ccebaf7b
SHA512

ad73467e829188dcf5bf5992ec0a799c269338eb5b4c7f07bc1702049711be998fcacdaa50b3bbff18e4b068ba80e4f7b778193b16f6914ef3855b9aa76bb2fd
SSDEEP

1536:RIKsERbAxjeX5X6d2DLkVywjP6q0pf8KeUVcL40pPmVZc04sDlTuoCwvLG:yKssbA4qMDcyUI8Pc+mVS04sJAwzG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1963b0ed9a63f3e5f9b5f84a9d7a64d0_JaffaCakes118

Files

1963b0ed9a63f3e5f9b5f84a9d7a64d0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8bf0c95ff4dde762c925bbb4036df087

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Process32First
LoadLibraryExA
FindFirstFileExA
GetUserDefaultUILanguage
VerifyVersionInfoA
UnlockFileEx
GetProcAddress
DeleteTimerQueueTimer

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Cccojph
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ