5ed53b22cc28d5e1d787822b1706c971_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ed53b22cc28d5e1d787822b1706c971_JaffaCakes118
Size

80KB
MD5

5ed53b22cc28d5e1d787822b1706c971
SHA1

d91ad511b2bdbe4131c1895b3f417e2515902b3b
SHA256

aae808a5060930c61375c4cecd874bf54ee54a11a2fdd83316eeb8c61d1e16db
SHA512

bea8b738955489bd98524a447e7d849fa45e56347f01f043790f48d5496bb9b528629f5960d54a69c3649dd08b466229cf58a25f4ef3c8f864c7cd5492caa7fa
SSDEEP

1536:dh99Qq5FeARaJH/gkw+vUkySbaYt+R9lG0iMcdkYrracpH:J9r5WJfr58kyXD8NM4k0acZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ed53b22cc28d5e1d787822b1706c971_JaffaCakes118

Files

5ed53b22cc28d5e1d787822b1706c971_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

85a03657056b693435f5ed16a1812ece

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
EnumTimeFormatsW
GetFileAttributesExW
SetThreadAffinityMask
GetOEMCP
NlsResetProcessLocale
LoadLibraryExA
Thread32First
MoveFileW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Hpmikbm
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 77KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ