2dd9c17efd5ed235405ee9e7ae37f89d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2dd9c17efd5ed235405ee9e7ae37f89d_JaffaCakes118
Size

18KB
MD5

2dd9c17efd5ed235405ee9e7ae37f89d
SHA1

655913307289bed6f8e5d962dd7051d5a781a5b6
SHA256

43a55fb0766291b8e866de57fce0f65f2a908513c584c7bb6c980438696e9b54
SHA512

b9874b747fa7d8621b4cfb500111f760a162df839b8972e4d049d9b350a0710db168e2c868d945645565beca1e572c0a4245dfc864cbcf8e37bbf838f8e2664a
SSDEEP

192:74qwcchost7M99ucr/VWXKfcBwSL0KF0gA0RXLyp//sTovD:8qwWslpzXKfA0KSUylsI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dd9c17efd5ed235405ee9e7ae37f89d_JaffaCakes118

Files

2dd9c17efd5ed235405ee9e7ae37f89d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1bbd3174245be81abae7e9568e3bfaed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
SetEvent
lstrlenW
GetVersionExA
WaitForSingleObject
ExitThread
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA
ReadFile

user32

wsprintfW
CharLowerA
wsprintfA
GetClientRect
GetWindowThreadProcessId
ShowWindow
GetForegroundWindow

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegCreateKeyA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ