39161e175580d8e8612c5d1fddd09743_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39161e175580d8e8612c5d1fddd09743_JaffaCakes118
Size

2.0MB
MD5

39161e175580d8e8612c5d1fddd09743
SHA1

7b68a382d353d65cba3046d93e41075354a58f23
SHA256

1049147ef2a58acec31945427669a6bf8ff3e98de2b4d18ceeb3b47d7a797329
SHA512

0631b3b060caf73c109ab0b90e12fa0511921ae86f2ac346779399c4a11ec1e97479f86ed37827f195700a71ba2f71aec9ca75c79690f21b45184ca877157ca8
SSDEEP

49152:rEhJc3x1BzTA7l0sc/ssr2eKl/2qt4ZBDaugs+jm:Ahy3x1Bz7/muqt4XWuji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39161e175580d8e8612c5d1fddd09743_JaffaCakes118

Files

39161e175580d8e8612c5d1fddd09743_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

66ebc4047b5c986d0d94ca76f6c498f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
UnregisterWait
FindResourceA
WideCharToMultiByte
GlobalHandle
GetTimeZoneInformation
InitializeCriticalSection
GetAtomNameW
ClearCommError
LoadLibraryA
GetProcAddress

ole32

OleDestroyMenuDescriptor
CoRevertToSelf
CoUnmarshalInterface
CoSwitchCallContext
OleCreateMenuDescriptor

user32

SetWindowLongA
LoadImageW
GetSubMenu
CreateAcceleratorTableA
GetScrollInfo
SetParent
UpdateLayeredWindow
DefDlgProcW
GetUserObjectInformationW

shlwapi

PathCreateFromUrlW
PathMakePrettyW
StrChrW
SHRegGetUSValueW

advapi32

ObjectCloseAuditAlarmW
MapGenericMask

gdi32

GetDCOrgEx
WidenPath
EnumFontFamiliesExA
GetLayout
GetDIBits
Polyline
DPtoLP
ResizePalette

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ