47ad572f741f9b5565c6720fe79f300e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47ad572f741f9b5565c6720fe79f300e_JaffaCakes118
Size

11KB
MD5

47ad572f741f9b5565c6720fe79f300e
SHA1

dac8c6f05883c48e69df5698831d202573bf92ad
SHA256

e4e641ce43ad7971b254ee3c3b60d8c26aaf72a8f8d394d873993abcb5af113c
SHA512

4ca38fccd2eaa4269d02c4c8847599206a0cd3199f24330897af13d528e995b77de8786e2431c10df31be0809a04f327c25e68777d586800e70b7c41bedbd748
SSDEEP

192:yKeMTVuCtl8GZ4YvMr0bQP5rV0EGBwKFDi6iJknQLlC2lnIoKe/RuqE:Ff3biLVRKwK9Pn0VlnIoZRt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47ad572f741f9b5565c6720fe79f300e_JaffaCakes118

Files

47ad572f741f9b5565c6720fe79f300e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

87ccd847d5c0268a902600d1446d2850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
GetVersionExA
lstrlenW
lstrcpyW
lstrlenA
MultiByteToWideChar
HeapAlloc
Sleep
GetModuleFileNameA
lstrcmpA
CompareStringW
GetProcessHeap
RtlUnwind
HeapFree

user32

wsprintfW
CharLowerA
GetDesktopWindow

gdi32

SelectObject

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ