45edc1e7a7093fdd9e9bf20a635bbf40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45edc1e7a7093fdd9e9bf20a635bbf40_JaffaCakes118
Size

117KB
MD5

45edc1e7a7093fdd9e9bf20a635bbf40
SHA1

668222746a4b310d0294cf79dbc36231ef73d959
SHA256

edd82f55614cdfe8cf10db3915d0de3c51c7173ad7236cfd4e37fcc3ea67515e
SHA512

75252687362fb2f3f31107e56403fc725bd5c28038306c2dc0b59c0c45cbd79a01be30c6b319c5fa44158bccd71783612e5bde42ed51db9ab8816737ad3cc394
SSDEEP

3072:kxmbCMM3y7drJ59X+q2cS/XqcM8EYGh77TTfJ5It7DRtLljqqh2GNS:BOMMgL9Oq328jh7TTJ2VRLNM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45edc1e7a7093fdd9e9bf20a635bbf40_JaffaCakes118

Files

45edc1e7a7093fdd9e9bf20a635bbf40_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7619382474ad5f39ae0b7168f86fe40c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileW
GetProcAddress
GetTempFileNameA
GetOEMCP
LoadLibraryExA
RtlFillMemory

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Ncoomdh
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 114KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ