5be14dce0bed88041666ca3a9f3f4857_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5be14dce0bed88041666ca3a9f3f4857_JaffaCakes118
Size

402KB
MD5

5be14dce0bed88041666ca3a9f3f4857
SHA1

4a7aa00fd25f9dce2fb6aaa4f50cca546d7e1287
SHA256

17854a3631dd584051a25efc97087ec6493413c9653b5b946bb98773cf55488b
SHA512

ce4a06a08e2699ebacf0353de5c21ad32e4706853d8b3f2b89393632bc167c3dcaf56a82d9966707db7ee47eb501857e43cd294856c8ec7d4e54b966cdee1900
SSDEEP

12288:4+NeaiN0Ze7hBAA49O7aQS5hK5ceg8HZo925NIP7:teECLpiK5ceW8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5be14dce0bed88041666ca3a9f3f4857_JaffaCakes118

Files

5be14dce0bed88041666ca3a9f3f4857_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8f3641dd05a30e5a00cd34019ad38bb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

RegCreateKeyA

shell32

ShellExecuteA

oleaut32

SysAllocStringByteLen

wininet

InternetOpenUrlA

ws2_32

inet_ntoa

rpcrt4

UuidCreate

atl

ord32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 400KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE