397fe876293839cd85082b8d5268e451_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

397fe876293839cd85082b8d5268e451_JaffaCakes118
Size

80KB
MD5

397fe876293839cd85082b8d5268e451
SHA1

e0afae06f3f62b69cb97719710ec853cea162a8d
SHA256

a5b640c1ae7a376c8d9c2c38096990b47a7fdbaca902980695e495c52b4401ad
SHA512

7edec8a3242dad5973864228705e875e6729f9cce82b4421d3e95c9a09d28b882de7fad1e7286ee4ff1e0b885644cd41ddfb9ca90e2fb8915e32886d9dc0f127
SSDEEP

1536:EIADRg36k/rbf+lJdV0nrFXRtFNiKzyoJsdoVbgZz4iOTwTBWausv:ELDW3T/HWlJdVwBtS4yqs2CYGBNv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397fe876293839cd85082b8d5268e451_JaffaCakes118

Files

397fe876293839cd85082b8d5268e451_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fa949d982047f6f0cc30f65376b7484c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
OpenEventA
LoadLibraryExA
GetProcAddress
LeaveCriticalSection

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

version

VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Mkobbgm
DllMain
DllRegisterServer
DllUnload
DllUnregisterServer
ServiceMain

Sections

.itex
Size: 78KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE