4841ca7683882cb8d69575f9d9eeb08a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4841ca7683882cb8d69575f9d9eeb08a_JaffaCakes118
Size

32KB
MD5

4841ca7683882cb8d69575f9d9eeb08a
SHA1

4534798c39286df2e9050211557c348034f56b7a
SHA256

5175cdcdc2a836dc115e6a2f690db4f55dfe5be02b0938753985209e8ea2a083
SHA512

a392db19df1a293417b266ec40859778a475a6c76b274ddcd122cfdcebcf970a324d7ffd48716ee4f5e235ad67ace551616ba64e7c62ff076941237d90c2b215
SSDEEP

384:tfdLzSKKgI8sqEkGwyiFqrORAh/T1Ixkin:tlGcsG/0LT1Ixx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4841ca7683882cb8d69575f9d9eeb08a_JaffaCakes118

Files

4841ca7683882cb8d69575f9d9eeb08a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8a147de7bbc5d8197a1d72afcfec892f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
GetVersionExA
HeapCreate
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
DebugBreak
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
HeapFree
HeapAlloc
lstrlenW

oleaut32

SysAllocStringLen
VariantCopy
VariantChangeType
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord21
ord23
ord18
ord57
ord32
ord16
ord58
ord30
ord31
ord15

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 962B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ