3e873802b4842c7f64036a6aa58525a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e873802b4842c7f64036a6aa58525a2_JaffaCakes118
Size

99KB
MD5

3e873802b4842c7f64036a6aa58525a2
SHA1

82c8def7e7528ae6534fb6e2b099e29be130e767
SHA256

46d2a6c72e6486abb327b40fcd64828983fde04824ae64af27e32567021f54b0
SHA512

12bc1020a8316eba5ddfc500a3bd007c837dc08245a702eab82cc7faa3179d021662b4038abea5ec8993539178e4738429ac8594e7cc85f15c42092fbe704c46
SSDEEP

3072:ijEisfV85Q3PZq+8+wcYIZb9NlHQwUwuIrH:ijmfVeQRq+qUVyjI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e873802b4842c7f64036a6aa58525a2_JaffaCakes118

Files

3e873802b4842c7f64036a6aa58525a2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5f07e99c7f872be8f21cef5610e884aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
FindVolumeMountPointClose
GetProcAddress
GetConsoleAliasExesA
SetConsoleMaximumWindowSize

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Olcgbol
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ