3cd54e6d7d4a6a5e23cec6617afbab42_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3cd54e6d7d4a6a5e23cec6617afbab42_JaffaCakes118
Size

100KB
MD5

3cd54e6d7d4a6a5e23cec6617afbab42
SHA1

99d320ce77809fabc88dc4168ffcba8f143325f0
SHA256

13aad49c9ce6d27f55b0a416e9b160b80dffd18f8790ea4fbf7d46d066d57048
SHA512

99868d4f76e5b4ea7362b3b566aff757f1f19e2c22176ff06506518582f388f95d3de7d936c8c388246b46273a4c752769692393c2771bc6017e89eaa981f839
SSDEEP

1536:yQjc52peg3OfpWuKk9UB21wUbzYp+TwqdtD/vwTfwteIZxVrUkBvuKtKj/vqoOrw:tjcMpxSAurX7XYp4hdxX9hzxDtEdr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cd54e6d7d4a6a5e23cec6617afbab42_JaffaCakes118

Files

3cd54e6d7d4a6a5e23cec6617afbab42_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1df20e8b7275430334d2d24f44b22482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
GetCurrentProcessId
GetProcAddress
CreateMutexW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Ocobloo
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ