305de967548cf40581972aa97ab2aba5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

305de967548cf40581972aa97ab2aba5_JaffaCakes118
Size

28KB
MD5

305de967548cf40581972aa97ab2aba5
SHA1

ea731b2bb13cf1bc2b1f5ed033ffd82405c78ace
SHA256

4b0206e412785503994d02fe29aec77b3f8e6d3fd8f9233c6189a119a2e7fc28
SHA512

0dfe8e641eb80f923a72643237e70dc994ff66d8b1fe273eaba624216795b7780165952f55cdceb0cd174c97539ceedc0e7890cde53e9cbee20742abbeffbd33
SSDEEP

192:UA3OUaGIOhdUO2TXoEFS/i+ASIKFYe3p4TkdSNm/sBY89P:UA3OUaGxEeIKKe3cUwWsOM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
305de967548cf40581972aa97ab2aba5_JaffaCakes118

Files

305de967548cf40581972aa97ab2aba5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6234d98b8b1ea4ec618ab017e7bfb33c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
SetEvent
GetSystemDirectoryW
CloseHandle
WaitForSingleObject
ExitThread
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
lstrcpyA
GetVersionExA
HeapAlloc
GetProcessHeap
HeapFree
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA
lstrcatA

user32

wsprintfW
CharLowerA
FindWindowA
wsprintfA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegCreateKeyA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ