5f26fb6d483df01f92a3cb640d13b8c8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f26fb6d483df01f92a3cb640d13b8c8_JaffaCakes118
Size

123KB
MD5

5f26fb6d483df01f92a3cb640d13b8c8
SHA1

186a7aa852de80761332b3313f5c5a5b81c13593
SHA256

f945933e35037883f5fc7c27349b6149ba29dfa9de533ad20fd1e1bea7dc16e2
SHA512

9c7c059a3e00eb694742134b710743060450ddcdc37a45143619ea6235122929957b550fdac5a0f5d39522811a62c5ebbe3859d3dd9151c98c98340ad29c7006
SSDEEP

3072:Sn3wFN4E/Xtnx6SnN7Uz6CP/NXo/SXn9l37hVffR:Jn4Ynx6Sniz6+xt7hVffR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f26fb6d483df01f92a3cb640d13b8c8_JaffaCakes118

Files

5f26fb6d483df01f92a3cb640d13b8c8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

21392eb9068d8b1650380b647bb49bde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

RegQueryValueExA

shlwapi

StrRChrA

urlmon

URLDownloadToCacheFileA

rpcrt4

RpcStringFreeA

user32

EnumThreadWindows

oleaut32

VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE