34abc8b8137781c065dd24071dd8adf0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34abc8b8137781c065dd24071dd8adf0_JaffaCakes118
Size

47KB
MD5

34abc8b8137781c065dd24071dd8adf0
SHA1

4ea1ddad545c85a126b95eea6075a6cf973d3ea8
SHA256

d89c467f368864aad27ee27603e056c919d634e94f9ed59f0714b44e948de217
SHA512

6024520c138d6026ae3639d52fe3f75e61e0f7f198a883518b92507812874eac8afc3eeac07a4f38b804be02da5e851d4acf58661ba7fca660d1959132d581d7
SSDEEP

768:jyfbNuoBrwpv/gmF3HRlaQdJUkYKa0+hkUywf2YKHE1BRt80p:jyfsohwdgu38kYZNiUyweYKHkBRtx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34abc8b8137781c065dd24071dd8adf0_JaffaCakes118

Files

34abc8b8137781c065dd24071dd8adf0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c4afecb25eefbb0813a90fe986b86722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
connect
closesocket
socket
recv
send
ioctlsocket
WSAStartup
gethostbyname

kernel32

LocalFree
LoadLibraryA
GetProcAddress
GetLastError
IsBadReadPtr
GetSystemInfo
WideCharToMultiByte
GetModuleHandleA
InterlockedDecrement
GetModuleFileNameA
GetCurrentProcess
lstrcpynA
CreateFileA
FlushInstructionCache
Sleep
CreateThread

user32

wsprintfA
CallNextHookEx

ole32

CoCreateInstance
OleRun

oleaut32

SysAllocString
VariantClear
SysFreeString
GetErrorInfo

msvcrt

_strupr
??1type_info@@UAE@XZ
_strdup
_CxxThrowException
_adjust_fdiv
_initterm
_onexit
__dllonexit
strchr
atoi
free
isalpha
isdigit
realloc
malloc
wcslen
??2@YAPAXI@Z
sprintf
??3@YAXPAX@Z
__CxxFrameHandler

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ