379d006510013a9d4b0221b709b3b49c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

379d006510013a9d4b0221b709b3b49c_JaffaCakes118
Size

159KB
MD5

379d006510013a9d4b0221b709b3b49c
SHA1

3dc6259f6d2460f9627432278be358006f853d98
SHA256

980075c0ee9fe682b15d9fba5a39147d85c53c4cc259725c5a8a64fd0bbe5f00
SHA512

9cc3ca5228e56344c3a437e5bc3dcabc253290b6bb8cabf92a38573141906af9b8d4fd24f0ee5396744eb607ca7c2845f94146d83a566bdb936cbe77a95e22ae
SSDEEP

3072:n9ecLdlN5B0Le0UNrLAiL8giPTyCiJZg3wE0yacnvHhwAqS+2xzaZEaHz6eP3uLd:EyxT0StYTdwZggE0cnvBxqSLaZE0z6e2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
379d006510013a9d4b0221b709b3b49c_JaffaCakes118

Files

379d006510013a9d4b0221b709b3b49c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3ff1f08911549d2356b3a180b889e815

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

OpenServiceW

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE