3d14e60b87041cdedaf4bb17287a8aa9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d14e60b87041cdedaf4bb17287a8aa9_JaffaCakes118
Size

10KB
MD5

3d14e60b87041cdedaf4bb17287a8aa9
SHA1

545e38adb2add763a7e77338f861d1466ee8f3e4
SHA256

a0c4669e7c06ec1f2c44d45ccef671aec2ed297481595f614f9c7f57b5a58ca4
SHA512

2e443162010eadc0c686c7824ce82f2de71124e1c56f8d558141b013ce9ab20ce57f4725fae76b10acb169490fc204297a0a48c558547013ceef69bd688c833e
SSDEEP

192:pcOff+LeXu1x+zr85uGp0wrV0EGBwKFwg1CO3B2jw57i/RMh9DB:pcyAYXCmmVRKwKnb3ks5ORG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d14e60b87041cdedaf4bb17287a8aa9_JaffaCakes118

Files

3d14e60b87041cdedaf4bb17287a8aa9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

68478f2c186ab2190cf848ae8776e01a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetSystemDirectoryW
lstrcpyW
lstrlenA
MultiByteToWideChar
lstrlenW
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
GetModuleFileNameA

user32

MessageBoxA
MessageBoxW
wsprintfW
CharLowerA
DestroyWindow
IsWindow
ReleaseDC

gdi32

RestoreDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ