1c32e31f065fc93be1714439dbf613c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c32e31f065fc93be1714439dbf613c1_JaffaCakes118
Size

100KB
MD5

1c32e31f065fc93be1714439dbf613c1
SHA1

54e578d41c49737d5f58a749d258ce2dd17cd2f4
SHA256

4e26b737153f5d73034ec1a1669a5e2c25c19d557d9d79d268589b53f686b1a0
SHA512

a7f149f89163cb8537f287c8099b933bc85ad98fabcd3781874e110b790f115b5bddab8daeb5be9f03550451ec4f1189bd75529f7c76eaab12dd6112639a3181
SSDEEP

3072:l/GDUjN+9vDLaEly5BoiL2122nyapyOw5:tGwmLaB59q12IVw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c32e31f065fc93be1714439dbf613c1_JaffaCakes118

Files

1c32e31f065fc93be1714439dbf613c1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

de762ae2f270e2507f4a438bcf3efe83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GenerateConsoleCtrlEvent
GetProcAddress
SetLocaleInfoA
RemoveDirectoryA
LoadLibraryExA
FreeLibrary
GetCurrentThreadId
OpenJobObjectA

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Mngchkl
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ