42365070ccc957b95df41e16f43c26d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42365070ccc957b95df41e16f43c26d9_JaffaCakes118
Size

105KB
MD5

42365070ccc957b95df41e16f43c26d9
SHA1

9a825f30474c7bc04a724ba4e905fdd650dd954e
SHA256

bda2dd77af14b1396bffc1959284fb5ac050336289b537d9802214477acd3942
SHA512

8ec60068652d89e75a5c91c8781bdf86759155af193aa3170a03f426bae35ca5385aca7f52d39af9a32641bce6dc10c9dcb620150d91f1d8928b46693195c5ca
SSDEEP

1536:jHVNZlPNhPo+CMN+pF7tl7MRCzfW6woNFTZ1IapURFfXxBSPS41gEtuahLdjO4mB:37Pr7CMiF7tlsUfW6wcaapULxegU/EI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42365070ccc957b95df41e16f43c26d9_JaffaCakes118

Files

42365070ccc957b95df41e16f43c26d9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8049ed7f1507b194c4a9ca13659942b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord2982

msvcrt

?terminate@@YAXXZ

user32

LoadCursorA

gdi32

CreateFontIndirectA

shell32

SHBrowseForFolderA

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi

urlmon

URLDownloadToFileA

dhvms

_VMS_Cleanup@0

msvcp60

??0_Lockit@std@@QAE@XZ

version

VerQueryValueA

dhnetsdk

ord22

dhconfigsdk

ord1

winmm

sndPlaySoundA

dhplay

ord15

ws2_32

gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 90KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE