4c4066bf30ba4613794894cc19b9a90e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c4066bf30ba4613794894cc19b9a90e_JaffaCakes118
Size

17KB
MD5

4c4066bf30ba4613794894cc19b9a90e
SHA1

0d9590ed9015e33f22c6d0b04389d58a115494a5
SHA256

10b2b1608711e88c3ebf083f392df6eda8fb1c10e03ebd9d284f672d706736a1
SHA512

d8c07b54f24ab96cfb7787a965f3f78400be48dabbec807640a5a0f844bb4de1520672a3eab0affe169c71e534e38acd11718fa2a29f0b460acb11e4d39e4eb1
SSDEEP

192:Cox/yHa3n3e190mum59K8LDVKomS5KFXvakT6Khnj5qDNRRWJEr+Xo7:Ia3FwLDsSKJD5YDgJVY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c4066bf30ba4613794894cc19b9a90e_JaffaCakes118

Files

4c4066bf30ba4613794894cc19b9a90e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

738eaab3e113ea582b751be39133c59a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
ExitThread
GetVersionExA
GetSystemDirectoryW
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
lstrcpyA
lstrcatA
SetFileAttributesW
GetModuleHandleW
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA
CloseHandle

user32

wsprintfA
wsprintfW
CharLowerA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ