32ebe2cef738da27b03a36e9bcb29196_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32ebe2cef738da27b03a36e9bcb29196_JaffaCakes118
Size

51KB
MD5

32ebe2cef738da27b03a36e9bcb29196
SHA1

9cced1f839ec0e4acc32735a49bd94fa111c5383
SHA256

544b017488103c2dad245246e027728c9db657f2fef0ce080a638fe6a58f526d
SHA512

48bd204ef34a17d3b375f32ce05771e9e279a7a6ddc6bd5234c436ab04682d5e2177253d6544eb8e72485a5abedfa60a2aba22b4112aa7418714d1f7e817cac3
SSDEEP

768:VwVYyWcRKMch4jytgFW5VA5ZnvhRFxlfhfFx4AZR5Lm9:Vwi2KMcCjQA5ZvhRFXPu2m9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32ebe2cef738da27b03a36e9bcb29196_JaffaCakes118

Files

32ebe2cef738da27b03a36e9bcb29196_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8d4d5d8a0a82f1ffdc2993b77dfdcf37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
Sleep
OutputDebugStringA
GetCurrentProcessId
lstrcpyA
LoadLibraryA
GetProcAddress
CloseHandle
GlobalFree
GlobalAlloc
GetSystemDefaultUILanguage
GlobalMemoryStatusEx
GetVersionExA
FreeLibrary
CreateProcessA
InterlockedExchange
CreateThread
WaitForSingleObject
GetModuleHandleA
GetLastError
RaiseException
LocalAlloc

msvcrt

strcspn
strstr
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
strtok
atoi
free
_initterm
malloc
_adjust_fdiv
sprintf
srand
rand
strncpy

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ