31219f1539e7c09dd568a088f0be2d6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31219f1539e7c09dd568a088f0be2d6a_JaffaCakes118
Size

81KB
MD5

31219f1539e7c09dd568a088f0be2d6a
SHA1

713f4043bf488e5ddd0967399245bee4cc64ced0
SHA256

d0eb0089eaf1020d6bce572ac77c550c0213ce501b3fb657c2ba63cb6a9b3873
SHA512

1e142aad18bf62c4f6e31ea1008e3b9b60ea81ff2c2b7cb675124cf2b2c9f231a31583bc76ef9223e81a42cd13d71ef460837035d1e2ade66a359ad989689c15
SSDEEP

1536:6uXlUGdQt/z01Gqvy+W7KL/nLAinY+vZ3H3WIrdBs/+:tulqPFnLznY+B3FBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31219f1539e7c09dd568a088f0be2d6a_JaffaCakes118

Files

31219f1539e7c09dd568a088f0be2d6a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9ee1cba00cc5292a9e2bd975512b3217

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
GetProcAddress
LeaveCriticalSection

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

version

VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Lhacomj
DllMain
DllRegisterServer
DllUnload
DllUnregisterServer
ServiceMain

Sections

.text
Size: 79KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE