5ade02a8b2df19ef18836b7d0a197aa5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ade02a8b2df19ef18836b7d0a197aa5_JaffaCakes118
Size

526KB
MD5

5ade02a8b2df19ef18836b7d0a197aa5
SHA1

4b65f12008250c72cda901ba0f575cf1ddbdb8b6
SHA256

2b12a3481db03aeb106c55c8977196ead51960640a15f4ee45bdbc30eb16aeb4
SHA512

671625ab3eba48a6d2e68c967f49ea78427105131b6ab9565f819b0676b9ed543faf55a838fcbe316ff6d9e760a36e6e598813618684a7afe7609593503d5a37
SSDEEP

12288:eLjZJ/knNPkz8sqTjpVoJe1DGV0ABD6Psp:qjZJ/a28sCVEn04p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ade02a8b2df19ef18836b7d0a197aa5_JaffaCakes118

Files

5ade02a8b2df19ef18836b7d0a197aa5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

34547f63a8c91e13358ecde998a3e917

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA
GetKeyboardType
CreateWindowExA

kernel32

GetVersionExA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
GetModuleFileNameW
VirtualFree
VirtualAlloc
ReadProcessMemory
GetCurrentProcess
VirtualQuery
GetCurrentProcessId
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
DeleteCriticalSection
TlsSetValue
lstrcpyA
Sleep

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
CreateErrorInfo
SafeArrayPtrOfIndex

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal
IsEqualGUID

comctl32

ImageList_SetIconSize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.rdata
Size: - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE