4cc71bc9f95a102eefa33de0c1197f41_JaffaCakes118 | Triage

Sharing

General

Target

4cc71bc9f95a102eefa33de0c1197f41_JaffaCakes118
Size

549KB
MD5

4cc71bc9f95a102eefa33de0c1197f41
SHA1

e3e448b9f1b858e6eb2a5c657d826fa5c92b245a
SHA256

abb3316c81580244102c64b42e2af3aa0485e7f98b3ce8209890fc145d54e0f1
SHA512

a752aec0b6462df88c845efcd82e1af2a336e31d69d8938a2704ce93fc16fae0c1c74375c3f62c1f231c87b0304c66a54a73b3a93a4ee7dd491d7fda4942000b
SSDEEP

12288:ip+omsue10MIlxPJvwbR8KC4R6NjBV17HRlMphm5U+n8Tl0nZ:4+dXemMESo4gV7HLoM5Byl0nZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cc71bc9f95a102eefa33de0c1197f41_JaffaCakes118

Files

4cc71bc9f95a102eefa33de0c1197f41_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

68ef7ec066e002c8e96d3a97512a3482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

mpr

WNetGetConnectionA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

wininet

InternetGetConnectedState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 541KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE