4793816ae861cf073c315187c2af3284_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4793816ae861cf073c315187c2af3284_JaffaCakes118
Size

1.9MB
MD5

4793816ae861cf073c315187c2af3284
SHA1

c786e4012a89b1902a23e541bb772b4f19a68a23
SHA256

d3171019196939c712fabff14cfbe31db67fa62f388cb1c715d217583fdfafa3
SHA512

229900c93c69084466843a5264f40bb3c9555097439363a938128faf1d87633b982b81ef846c05ff8fb316be6e846046d9796934e18bf832b15355774f53dc0c
SSDEEP

49152:dlRnhJc3x1BzTA7l0sc/ssr2eKl/2qt4ZBDaugs+K:j1hy3x1Bz7/muqt4XWujF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4793816ae861cf073c315187c2af3284_JaffaCakes118

Files

4793816ae861cf073c315187c2af3284_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fdd22920a78c4409e1673b1facec73aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalSize
ResumeThread
CreateFileMappingW
WriteProcessMemory
LoadLibraryA
GetFileTime
GetProcAddress

user32

GetWindowThreadProcessId
GetForegroundWindow
OffsetRect
WaitForInputIdle
SendMessageW
KillTimer

shlwapi

StrCatW
PathIsUNCServerShareW

advapi32

RegLoadKeyW

shell32

SHBindToParent
ShellExecuteExW
SHGetFolderLocation

gdi32

CreateBitmapIndirect
SetMetaFileBitsEx
CreateFontIndirectW
SetLayout

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ