2d0440d1c1840f4ce1ebde5a1154ba8a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d0440d1c1840f4ce1ebde5a1154ba8a_JaffaCakes118
Size

81KB
MD5

2d0440d1c1840f4ce1ebde5a1154ba8a
SHA1

1e35acf5f652eb627727cf37ceca62ae11744b2a
SHA256

67c97cf77bd7f9625c175f778643acbbd7827d9a2c5f45837dffbd4f63c97f56
SHA512

f0ec7103502de2fcfce5c86d560f451a930912e9ea5c2f6b2c54d9f6a8e23a67ad03ea0f906ee5fe48066626747e144788bf874a6901f692e599ae3473e27d87
SSDEEP

1536:yo4fOakL/wDbBWz91ryamw0F1Y/L5LgeWGVzPGNSNB7NA9lpIGpDb1t7:yoCfBWi5F1YzVguGCBypImd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d0440d1c1840f4ce1ebde5a1154ba8a_JaffaCakes118

Files

2d0440d1c1840f4ce1ebde5a1154ba8a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f287fd6bfed6cb699b37f724e5b2939b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
GetProcAddress
LeaveCriticalSection

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInit
DllMain
DllRegisterServer
DllUnload
DllUnregisterServer
ServiceMain

Sections

.text
Size: 78KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ