332e4bba3f5519c6477f48a946c357d5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

332e4bba3f5519c6477f48a946c357d5_JaffaCakes118
Size

102KB
MD5

332e4bba3f5519c6477f48a946c357d5
SHA1

f4a72eddd4ad1e080e2d64b572fbc0b3d6143a62
SHA256

3747e79f4621f106ec2e6ae3bb4c3e9f56c9d1918403c0c9576ed294a7681f91
SHA512

d2e7651c6035e4392751189904e48aa15f029d415191abd937df4aa41c59403d5e90b48de1c3e825dd6604de942d4360f539b2b93111625a1a5c8a2422d35056
SSDEEP

1536:0yRURK29+jIk7EOVS0QVdvSFxbL4z4+uqC3MAUVlodP7ISL/rDfjodenxp4lpoW:0yCL2Vvadv+qzoMAUujISXD8YepR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
332e4bba3f5519c6477f48a946c357d5_JaffaCakes118

Files

332e4bba3f5519c6477f48a946c357d5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9e544082aff39bb078adc078a1506edb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

FindFirstFileExW
GetConsoleTitleA
LoadLibraryExA
FindNextFileA
VirtualProtectEx
GetProcAddress
WritePrivateProfileSectionW
TerminateProcess
VirtualBufferExceptionHandler

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Noionkb
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ