27abd06380c415bf6cdc251648e033d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27abd06380c415bf6cdc251648e033d7_JaffaCakes118
Size

87KB
MD5

27abd06380c415bf6cdc251648e033d7
SHA1

986e576e75d5267037f63eac19b58e26d7ae8417
SHA256

f565d9f3a4288340db64b0413e11558f8722e20a2d1ce7b932019737b6b0c377
SHA512

5c16990703f9f1b0165c62119cdfa7eb6cfd36b78b1d43e8cc1833b0984f2db939f0c515f585563947da9109fbcb71e6f7433bd022a8dacc9c496bcaa9d54cf6
SSDEEP

1536:n6QNg7RRo2a43LK103t/cMgBwG5UsNFB6Y6bORDQ/haU3pmbnExM9TXeMrh805gU:OvvV3LKK9kMq5UwFB6byVLgp5iBXv+5U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27abd06380c415bf6cdc251648e033d7_JaffaCakes118

Files

27abd06380c415bf6cdc251648e033d7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cc57de27c39c384bfcfa14d98c1bbf0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

OpenSCManagerA

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE