4039937c633d3de86f4b8cac518ae673_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4039937c633d3de86f4b8cac518ae673_JaffaCakes118
Size

116KB
MD5

4039937c633d3de86f4b8cac518ae673
SHA1

75d5a19cccf2c2684d205bb2db1d6eafff9dab2d
SHA256

2779b85eb970ba03ea474f56b98520e080dabcd0a081b1472e29c82684725478
SHA512

2d70c7412be08dc52aeb6d5e173ea8b9a88dd584d7933ead2b11ca52c3304040f493eb0af2cd2dc21df1e46acd53add04b8dd24936976ed870e0af736ec474e8
SSDEEP

3072:n6tQWzFWQBnd2pfcvw1eqaeLqySfmDu5Q3K05:n6yYs/pHMFpySODu8K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4039937c633d3de86f4b8cac518ae673_JaffaCakes118

Files

4039937c633d3de86f4b8cac518ae673_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2bee77d05db16ce4adddef3615786487

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
SetThreadLocale
GetVolumeNameForVolumeMountPointW
GetProcAddress
LoadLibraryExA
RequestDeviceWakeup
GetTempPathA
ValidateLCType

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Nononon
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 113KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ