30dbb4bd56b83fac95503eedd2733c43_JaffaCakes118 | Triage

Sharing

General

Target

30dbb4bd56b83fac95503eedd2733c43_JaffaCakes118
Size

103KB
MD5

30dbb4bd56b83fac95503eedd2733c43
SHA1

91e33b3232657a0fc459e8b12b1689d38a6328f2
SHA256

d03524e7dc90501bb1becb92f9d90d9fc4b721a2c09550d6c6fe019d5629cb1d
SHA512

00873e9ed629681bdec54e8695428cfba673210760a87fac6b9b85b1501097621594cf8fb111b37aa5516fc255ed6816bca8425186f326f90b3039566224101e
SSDEEP

3072:8w9BNsI3xPn7QGO1SMXmgOdjZ559ON5r489pRe0hx:ZB/3xf7vwmfFj5Ez4Wz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30dbb4bd56b83fac95503eedd2733c43_JaffaCakes118

Files

30dbb4bd56b83fac95503eedd2733c43_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7742c213d5c7f050416ee264a50ef603

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
ExitThread
FindNextVolumeA
GetNumberOfConsoleFonts
GetProcAddress
WriteConsoleInputVDMA
SetThreadContext
SetLocalTime

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Nnkblon
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ