3fd776cc82f8c4e98efacf73fa7465dd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fd776cc82f8c4e98efacf73fa7465dd_JaffaCakes118
Size

40KB
MD5

3fd776cc82f8c4e98efacf73fa7465dd
SHA1

62a4f406b8160cf4ea778f89f07f14af2d686f79
SHA256

e200d575ee67859a16178864eefde68319fe532ea14496760f1ab31362ec7cda
SHA512

4971d578f32504549f576fd93cc6627f5edfbde119aacbcf3fdc44820d6ee854a51ac0a283aedad36bdba5ad62b8f3a71ab0e4948379a1c1df4d3b1196219b1a
SSDEEP

768:VxwqM1Pgur2zcv/6MYvzC7BMhh832e3KCAMGs:7lM14ur226MYCBrGe6CAMGs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fd776cc82f8c4e98efacf73fa7465dd_JaffaCakes118

Files

3fd776cc82f8c4e98efacf73fa7465dd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

da218df9e21394aa38c34ccbf0adae3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

socket
ioctlsocket
WSAStartup
send
connect
closesocket
htons

kernel32

LocalFree
LoadLibraryA
GetProcAddress
GetLastError
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
InterlockedDecrement
GetCurrentProcess
CreateFileA
FlushInstructionCache
Sleep
CreateThread

user32

CallNextHookEx

ole32

CoCreateInstance
OleRun

oleaut32

SysAllocString
VariantClear
SysFreeString
GetErrorInfo

msvcrt

_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_CxxThrowException
malloc
wcslen
??2@YAPAXI@Z
sprintf
_stricmp
__CxxFrameHandler
calloc
realloc
_strdup
??3@YAXPAX@Z
free

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ