2c6955133db3e6f60a88e3c53945e534_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c6955133db3e6f60a88e3c53945e534_JaffaCakes118
Size

32KB
MD5

2c6955133db3e6f60a88e3c53945e534
SHA1

bfca19aec31047b0f5471334b7fbdf1487486a5b
SHA256

8523575ffcf578a46e0b8c80e877ef1747ae61b47078405b9477da002ea11bf8
SHA512

5c6849de81e68920597a67fe89c83da928f94990eee4f58129f2d0f2ce77803c8012f0555d41287fdccf2fc3065925ada9db356c0a7f0605efbb4360dbb2fb03
SSDEEP

384:bT2p07Bxzt7lf3mhOeI5yBKuxL5OMebQUoo8y/fJ:byedBJBmhhKuunbQUhH/fJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c6955133db3e6f60a88e3c53945e534_JaffaCakes118

Files

2c6955133db3e6f60a88e3c53945e534_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9b0c06e3ef439c315c77964502955926

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetSystemDirectoryA
InterlockedIncrement
CloseHandle
CreateThread
GetWindowsDirectoryA
WinExec
LoadLibraryA
GetLocalTime
GetProcAddress
GetModuleFileNameA

user32

KillTimer
SetTimer
FindWindowExA
PostMessageA
DefWindowProcA
SetWindowsHookExA
RegisterClassExA
CallNextHookEx
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
ShowWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

_initterm
free
strrchr
strchr
fopen
fwrite
fclose
_access
_stricmp
malloc
_adjust_fdiv
_strlwr
strstr
??2@YAPAXI@Z
sprintf
__CxxFrameHandler
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ