2eeee82f446cc9e40ad3f1c87c1874aa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2eeee82f446cc9e40ad3f1c87c1874aa_JaffaCakes118
Size

99KB
MD5

2eeee82f446cc9e40ad3f1c87c1874aa
SHA1

8879ba91241742a1f98e24f58c98f18b7dbf5f94
SHA256

41c9bf0f885a3b768b771a85dc038b7404602e340282667b358a1f5afcb76a47
SHA512

74049b0a210ca6e505caed2c7ba36d6f032ec6004982234e5800ecaf91e1d6781a97bbd31cec9af029834e99d531dd4e9164fe1d8566483b6be43348cf2b59c5
SSDEEP

1536:5mFWmy8HC1d8kZhEc4YtAlRB4loWBye1v89IYK7p/P48wo/IW2tyr97DwF:OWmy8Hmd5708BLNPvD/Ip67DwF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eeee82f446cc9e40ad3f1c87c1874aa_JaffaCakes118

Files

2eeee82f446cc9e40ad3f1c87c1874aa_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6359fabd44a03af79e3ab319b7acee07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProfileSectionW
GetProcAddress
SetupComm
TerminateJobObject
SetTapePosition
LoadLibraryExA
GetSystemDefaultLangID

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Ehkmhna
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 95KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ