4bf572452911f7c00469a51e7480c9f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4bf572452911f7c00469a51e7480c9f1_JaffaCakes118
Size

763KB
MD5

4bf572452911f7c00469a51e7480c9f1
SHA1

65172db3164056ab9f7d7cc81e002266dd955e92
SHA256

25aed51ec72df40828642e9a363d40ea1e9e8e636a6b7aac00eee0c7c13535b2
SHA512

3c031242f4c570f79e151f956bc37cc14a14e4bdfd22440622f5ab2273ef631859bb2ac3552c6ab02e83be766fcb357764d78383de22fcc4d40f3ec640d1d47b
SSDEEP

12288:Rd+RmEhwPgVfcT4iZNPDwFU9H11cXZRR9OnZ8hNDIaiwEeXGba:D+Lh7hEZVDwFE/8T9QZ8hNDX35Gb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bf572452911f7c00469a51e7480c9f1_JaffaCakes118

Files

4bf572452911f7c00469a51e7480c9f1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ac286c169455b9c88fed9cd00f100c0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

wininet

InternetSetOptionA

urlmon

CoInternetCreateZoneManager

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE