356a3b2485738dd5899a7f942d66a301_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

356a3b2485738dd5899a7f942d66a301_JaffaCakes118
Size

102KB
MD5

356a3b2485738dd5899a7f942d66a301
SHA1

e0747b797b8f0e4a6ef0adc8688bbf0d9fd7c9e2
SHA256

57bbc36a03ddd9b30911625c6eaef2db587ddf60039151ce11411529ce6963ae
SHA512

538db73b867aad7e7ed28785a24ada5643c2ce05f7db056ebd73e5925c374fcbb469662fe740a905e07948752ed6e94dcc51f9737c88b1c627f97c30f6f9e843
SSDEEP

3072:F2pTFqi8nUfw5FIvQMI/BrIiGB/T+yqXlevMQQ:FsTjzvvI/B0ikLVJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
356a3b2485738dd5899a7f942d66a301_JaffaCakes118

Files

356a3b2485738dd5899a7f942d66a301_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

633f51430736dd7f3b5f639ae15ec595

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetBinaryType
LoadLibraryExA
GetProcAddress
lstrcmpW
FindAtomA

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Lkmpolm
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 99KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ