318499e3463bdd3256be379a21889144_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

318499e3463bdd3256be379a21889144_JaffaCakes118
Size

2.3MB
MD5

318499e3463bdd3256be379a21889144
SHA1

92544b02733b606c7db37a11a1224728ec98c427
SHA256

1e1ac66000fcc6407b298467272ac98c5c5024a5cc93dd185f7109be5ac43cca
SHA512

c9c2c331123f1ad7cd95db871a2a682aac9679655efe7a69797c36d3f02a92828be64373aa35abe6655ec539b98c35defe477c9feb451ace1109ab036a70fe9a
SSDEEP

49152:PmHCj1kaFsUN2uEcpI75b3/cwnuIrmLPoBPJf6lT2Mi:OCjLNIuEgQ3/1gDoBhfC2Mi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
318499e3463bdd3256be379a21889144_JaffaCakes118

Files

318499e3463bdd3256be379a21889144_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

dbe24f5c6b882660141c20a9ebdb2a2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
VerLanguageNameW
HeapValidate
GlobalFlags
OpenEventW
GetDateFormatA
SetSystemTime
GetProcAddress
ConnectNamedPipe
LoadLibraryA

ole32

OleCreateMenuDescriptor

user32

EndDeferWindowPos
SubtractRect
SetCursorPos
GetDlgItem
GetDCEx
DestroyIcon
DrawStateA

shlwapi

PathMatchSpecW

advapi32

RegSetValueA
IsTokenRestricted

shell32

SHBindToParent

gdi32

GetClipRgn
GetPolyFillMode
EnumFontFamiliesW
DeleteMetaFile
GetRegionData
BitBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 556KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ