4a6bac9bbc085a5cc1365fea8c010bea_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a6bac9bbc085a5cc1365fea8c010bea_JaffaCakes118
Size

18KB
MD5

4a6bac9bbc085a5cc1365fea8c010bea
SHA1

4dbe175eab13b2f87741f94e2fa60297119e1633
SHA256

b380b16401e467d3f57d0fffba1f4e9796c7a2ae500d4ee46db92ee67d4f4eac
SHA512

143010dad06ec2236a65d788a6dd6e1a5458a17266ec54d7cfe45385fa51085626e59b72e40787ce73004623c03f7a3a9152ceabfcf4ed28776006ba405779d0
SSDEEP

192:kBaysi8Xmiikw96wAiSkvRlquHSHKF8l3qenZsxXSvZXDNRRWJsRLMdlO2/:Hi8lysKErY4XDgJIYsu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a6bac9bbc085a5cc1365fea8c010bea_JaffaCakes118

Files

4a6bac9bbc085a5cc1365fea8c010bea_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ceb9691e7814c6376babddcac73badf6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
ExitThread
GetVersionExA
GetSystemDirectoryW
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
lstrcpyA
lstrcatA
CloseHandle
GetModuleHandleW
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA
SetFileAttributesW

user32

wsprintfA
wsprintfW
CharLowerA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ