2d0f9db6e6ffbc0266626dbc1e53950b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d0f9db6e6ffbc0266626dbc1e53950b_JaffaCakes118
Size

151KB
MD5

2d0f9db6e6ffbc0266626dbc1e53950b
SHA1

26de22c70db65ca04338551d411736633eb5ea1c
SHA256

de7b4b14462a3ddc8cc43c182ad96a84c8a35787b9a2941b9db4ebb7cb2a704b
SHA512

f34829047d2824fab7030746dca20ab573810e84ef2efffbe2943fcdff98fd11d9bfa08bcb19d05de21fc74cbb5d79ae4d17905314953cc5d23d263d0af7a31a
SSDEEP

3072:DqSDOLYI+gWeit52URa6X38u697MuEUmlm/FIB6eFvDBpwct3rDjKENx0R/EkRc:9DOLYIlhG2URa6ng7CUmA6LFr/vzsNv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d0f9db6e6ffbc0266626dbc1e53950b_JaffaCakes118

Files

2d0f9db6e6ffbc0266626dbc1e53950b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2b85d78f57bfc0b7eaff86cb3c2b8381

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
GetProcAddress
LeaveCriticalSection

urlmon

URLDownloadToCacheFileA

rpcrt4

RpcStringFreeA

advapi32

RegEnumKeyA

shlwapi

StrRChrA

wininet

HttpOpenRequestA

user32

GetParent

ole32

CoCreateInstance

oleaut32

SafeArrayCreateVector

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE