493819d25a9aba3060c1b64045a3d39a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

493819d25a9aba3060c1b64045a3d39a_JaffaCakes118
Size

102KB
MD5

493819d25a9aba3060c1b64045a3d39a
SHA1

e3f30d0dd079cf4abb085515a6d71b9cb5a61970
SHA256

71823798c4969546ad2f8ae7551222d548531ce2989580b983823f5f0b5721c8
SHA512

bdb53af95e21c250e8cba010be4736f4461e9b4884bac9f7e2af6fdf7cdf8301df51655cbef26235fdf61dfaca61c493e9e8c3db898c2cf3e1f5ecd9597da0b7
SSDEEP

1536:Vbk8c0l/MjUn7zT/cqmxZd53kYrLkq/fhrK4Flt3CFZ/bufPNudjVSloET:m8niiEqwrLkq/91eRqPYdjNET

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
493819d25a9aba3060c1b64045a3d39a_JaffaCakes118

Files

493819d25a9aba3060c1b64045a3d39a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

df8c09316b261ca8d0d2c810038dc667

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
GetProcAddress
BuildCommDCBW
LoadLibraryExA
FormatMessageA

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Aeogcpm
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ