36678aa29440bbb7ed20e083f32194d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36678aa29440bbb7ed20e083f32194d7_JaffaCakes118
Size

101KB
MD5

36678aa29440bbb7ed20e083f32194d7
SHA1

5d7ecf929b94a70425b0c1ecbb671aaa949a66ee
SHA256

23cbfe9eb90bfe4f1dbcdb5dc5db77a743ac891fbef1a6003ea0b0ed35214cb7
SHA512

9c75c7df1498f34039c2a2fa642a821246ff0a203b85ae85a1a3c7421030e3bfb3d06cb42fc3378a0b64ceb49cdf27561db0a3e807fe504626bdcd179b97ae42
SSDEEP

1536:BIUUf38ZA2d+336J4GesExxRhsI4c99g9MOYGucMtFxhY/cAEPs6MnB242gVOmpj:BIXsZAT33IMxzh19g9huceFxCvH0Ns

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36678aa29440bbb7ed20e083f32194d7_JaffaCakes118

Files

36678aa29440bbb7ed20e083f32194d7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c77640a2f5f04133ffacf007fa8d92f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryDosDeviceW
SetFilePointer
GetThreadSelectorEntry
GetProcAddress
SetConsoleOutputCP
AllocConsole
LoadLibraryExA
GetConsoleAliasesLengthW
GetConsoleCP

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Dgmodoc
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ