43c836cf630ae8148259cc11df1cbbe1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43c836cf630ae8148259cc11df1cbbe1_JaffaCakes118
Size

380KB
MD5

43c836cf630ae8148259cc11df1cbbe1
SHA1

d14fdf21d49faaca46d32c3378b48572fcd126dd
SHA256

2e5b73248a563c59d3f0a2f97a7184c26fbd5dfe6a59c633ff03ecea7b4931e3
SHA512

77b001a6b0a9c94952280eff8b83fb3be801a2efac2a84b053795b906178ee6ad2f03e228050ecd432eee6761b87fe1c12fd464a044a6761592f5534bd5dea99
SSDEEP

6144:KPs65gTUnz7Ja5Cc7t1PdpKVovbd7X/QTBJgHsEbbh4:KEfUBEHdpKybt/QTrgX14

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43c836cf630ae8148259cc11df1cbbe1_JaffaCakes118

Files

43c836cf630ae8148259cc11df1cbbe1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

aadf5c8667fe05f652d8f2e502e2b9d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetModuleHandleA
GetProcAddress

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ