35aba2f9197ab1712e20226ddf8a7363_JaffaCakes118 | Triage

Sharing

General

Target

35aba2f9197ab1712e20226ddf8a7363_JaffaCakes118
Size

9KB
MD5

35aba2f9197ab1712e20226ddf8a7363
SHA1

78026c5b8e6cd52f8eea9aa8d414326cf004141d
SHA256

b68824fb948b7f8e35f5c78859a9c53bb73eae8f91d53f5083b1ffd9ca8f8071
SHA512

0718d61a8d1091778b118fd4b690b6b009b5aaa8ff0b514438e64d898b9df1f20a345fe92571ee531052de9a80745f333b112e9aaf0a4e087e4d4d81b33a8471
SSDEEP

96:LM2IPsscm5NsLWrPV/LPO3wVleP1HduWOPl9n0A5taFeJowzkC8Cnko7caPd9B:L9c+g5zlVs/uNlGA5tmYowAC8WUqP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35aba2f9197ab1712e20226ddf8a7363_JaffaCakes118

Files

35aba2f9197ab1712e20226ddf8a7363_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5aa9600270c7a740566a98f13d6e4e13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE