606a9aa4b722e1a146e663b47b2be29d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

606a9aa4b722e1a146e663b47b2be29d_JaffaCakes118
Size

13KB
MD5

606a9aa4b722e1a146e663b47b2be29d
SHA1

43b1f63da5f88b1102cbaf5fc72d4f57cfaf4f01
SHA256

b9c789729b05636fd2ec5a52371e0e27345c940975a0abf0b907dad9fbdacf7f
SHA512

1d9ee337226f4f37bc2703f2000992eaa6f37696cec55d11d82502642e27091e1867606f624a690f4e7a1418088572a060836a97c5b72c77e0bbacda72d0f190
SSDEEP

192:XDIdPCAWsNDW46r/cWYYtmrV0EGBwKFwvmNtFJYjGoEHoOAr/RbADJs5:0dKakbqVRKwKHFJz/HoO6Rg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
606a9aa4b722e1a146e663b47b2be29d_JaffaCakes118

Files

606a9aa4b722e1a146e663b47b2be29d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d7533938a787084fb7b2645fcf531aec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
GetVersionExA
lstrlenW
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
ResetEvent
FindNextFileA
GetFileAttributesA
FindClose
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CompareStringW
SetFileAttributesA

user32

MessageBoxA
wsprintfW
CharLowerA
ReleaseDC
ShowWindow

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ