4d1811ee33e8559fec7a9d956060ecf6_JaffaCakes118 | Triage

Sharing

General

Target

4d1811ee33e8559fec7a9d956060ecf6_JaffaCakes118
Size

32KB
MD5

4d1811ee33e8559fec7a9d956060ecf6
SHA1

f1c1770405240478da4b6c0a4e3d34d14815c59d
SHA256

64f98ea6d894396674352f6dbe961bed590211399cef0ebaa6b3f2eb35cf6ce3
SHA512

a0c05ff295f819ff2ad827cacd96b5fd094c868ad1fdbec2fc13eaed8ac6aa11215a6e1a15821d47c975093b8ee040063263c87cfa9d61e8c236125456eb5e14
SSDEEP

384:w+QbyY4WSGzkgHKBIfT9sfrNPNf/uCr/PqwCleE:w+Qby5vGzkgHTirNV/uCr/PMs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d1811ee33e8559fec7a9d956060ecf6_JaffaCakes118

Files

4d1811ee33e8559fec7a9d956060ecf6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3829545e9696b5d5761b4931ffcbcb1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
DeleteFileA
InterlockedIncrement
GetLocalTime
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
WinExec
GetProcAddress
LoadLibraryA

user32

CreateWindowExA
ShowWindow
SetTimer
KillTimer
UnhookWindowsHookEx
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
CallNextHookEx
FindWindowExA
PostMessageA
DefWindowProcA
SetWindowsHookExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

_initterm
free
strchr
fopen
fwrite
fclose
strstr
__CxxFrameHandler
_strlwr
malloc
_adjust_fdiv
_stricmp
strrchr
_access
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ