5ef88a7658d9fab245357eb4f744a17d_JaffaCakes118 | Triage

Sharing

General

Target

5ef88a7658d9fab245357eb4f744a17d_JaffaCakes118
Size

115KB
MD5

5ef88a7658d9fab245357eb4f744a17d
SHA1

2acd8031d7f40f0d7f2b9c54a73ef36ab270b404
SHA256

be4fa4fa5f129a6c9b888b065a8eea0d00bc2c031e6db7aa7f92c692e81a678e
SHA512

8fe246e93a283d6a754e11127db244bb9e21b6866e69543aeda9a434a324da8dff7962212107debf929ac936f9f8cc9d0c045359d3eac910ef1785ae810e9735
SSDEEP

3072:BiEOcC5VfqlV8gXJQbluUkO8Xvf+RYyh6:+x5VfiV8KKu4+f+Cy0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ef88a7658d9fab245357eb4f744a17d_JaffaCakes118

Files

5ef88a7658d9fab245357eb4f744a17d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bc33e0d58c61198dfaa558558dad22f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

OpenProcessToken

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE