39e4b3c799d55adc71b327a8b01ada33_JaffaCakes118 | Triage

Sharing

General

Target

39e4b3c799d55adc71b327a8b01ada33_JaffaCakes118
Size

17KB
MD5

39e4b3c799d55adc71b327a8b01ada33
SHA1

8fc4e9a14661644fee3190a466186254054e9541
SHA256

04b73355de08451c0e4f0cd7bc2c76b2ec2279fb7c36ceed85582dd685023cb8
SHA512

30165e9c7cd77d81888b8d9a007bd110efe9e4a7d6152457290f439033cd7653de5935a804a55161fa98566f5e92ef256b97eeecdac20077004383c5dbe2034a
SSDEEP

192:Esm2lhoGZ3M5cQemMprCme1Z+Np+57SEFsnWasM+8sSetQ2E1dY9T1+XeLtZH9UY:tm2sK+hM7NNoLKz+jt1wutZ9/FMDGU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39e4b3c799d55adc71b327a8b01ada33_JaffaCakes118

Files

39e4b3c799d55adc71b327a8b01ada33_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

61e5c92ad2d0118f34509148e7b07907

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetCrackUrlA

ws2_32

recv

msvcrt

wcscmp

atl

ord30

user32

IsWindow

oleaut32

SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE