4b636b30bb471bfba4270cc13dc99876_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b636b30bb471bfba4270cc13dc99876_JaffaCakes118
Size

122KB
MD5

4b636b30bb471bfba4270cc13dc99876
SHA1

a798f223d029ff5c7ac3aa05af515d131b20ae48
SHA256

bdd58cbb4b4a036ce5596cf861fe4c7832a0acddae248ec5ea0bfb2722ca234c
SHA512

c59395367cdf3ca4512d7c57402f2a8d235782dae1204982bfe31da736fe976942c9041ef47d7539b0842e361a091bd82fcaeacf8502aef3665ee72a9dd53655
SSDEEP

3072:3wROzRdKba6ujHDrevAFV3wlg0UM0yJRF17bxsWHf:3/RdKbatLeA/3YXJpzf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b636b30bb471bfba4270cc13dc99876_JaffaCakes118

Files

4b636b30bb471bfba4270cc13dc99876_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8b27d17746d2b1b7a93168398212fcd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

version

VerQueryValueA

wsock32

send

Exports

Exports

DLLCanUnloadNow
DLLGetClassObject
DLLRegisterServer
DLLUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE