34382637a2316617dd50d0bdfb2370aa_JaffaCakes118 | Triage

Sharing

General

Target

34382637a2316617dd50d0bdfb2370aa_JaffaCakes118
Size

57KB
MD5

34382637a2316617dd50d0bdfb2370aa
SHA1

fb0676421a8e15d6f7154a1ed14e8ac55764f0ab
SHA256

6c87af693ee43f8478bede7c3ba9b2d6286da189ce79c35eb6415d001af3c52c
SHA512

b0077557b1094ae45280e19428e1028c4f0450d4331398df519274c1bbeffb9a1965b8150fa33694b81885643460c5689030b5aaa08945ff76aed1bb520e3641
SSDEEP

768:4vbCoPHETfhxzLFFul7zw9I0nnCYACkHfTOu2yCfOEA4HyhqSo+lRQ8:YCTfhxLF89WI0nCYK/KlGEA4INR7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34382637a2316617dd50d0bdfb2370aa_JaffaCakes118

Files

34382637a2316617dd50d0bdfb2370aa_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0106e48e900167bc28fecbaa72653691

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord941
ord800
ord1200
ord537

msvcrt

_adjust_fdiv
_initterm
__CxxFrameHandler
strlen
malloc
strcmp
rand
free
_mbscmp
realloc
memset
memcpy
_stricmp
_strlwr

kernel32

VirtualAlloc
VirtualProtect
GetProcessHeap
HeapAlloc
GetProcAddress
DeleteFileA
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetUserDefaultLangID
CopyFileA
Sleep
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
VirtualFree

user32

MessageBoxA

Exports

Exports

DllGetClassObject
DllRegisterServer

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ