5ae0291b2017e15e916eff0f7e0eeafc_JaffaCakes118 | Triage

Sharing

General

Target

5ae0291b2017e15e916eff0f7e0eeafc_JaffaCakes118
Size

101KB
MD5

5ae0291b2017e15e916eff0f7e0eeafc
SHA1

e41ae1d739988422c6f7e01209a7cb9164a8c62b
SHA256

ae2d4e30fc3662f519ae2925344287801f0ff78d1d92e9ca29e47daf61e37776
SHA512

7205c0cb47dd158985f613ef67fa20d332d9d45236569e8b7666bf9617456ac25477905e7acbf13bc73b4f5db2ca89853a689470a8137bd6e93b5cd52216840b
SSDEEP

1536:HD2WgET4Ab/oO6Zk1Hs4MyqiMRl+RoZax3/FYYK7/+5U/DKQnAVUE6aVaA4kskmQ:jlcAb/6CM4IhqHQ/K2AxRf3rX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae0291b2017e15e916eff0f7e0eeafc_JaffaCakes118

Files

5ae0291b2017e15e916eff0f7e0eeafc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

79e58e5a943cdfcacc8c3d9cf1ff43ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalReAlloc
LoadLibraryExA
AddAtomA
GetProcAddress
ResumeThread
CreateProcessInternalW
MultiByteToWideChar
GetVolumeNameForVolumeMountPointA
GetCompressedFileSizeW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Momocki
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ