5ff2be6196a0ed958097db8870ef5481_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ff2be6196a0ed958097db8870ef5481_JaffaCakes118
Size

80KB
MD5

5ff2be6196a0ed958097db8870ef5481
SHA1

6dd8efc6bf3f4828ee0a9c26dcef5fbb4b379b3c
SHA256

15e371b0ba564d47065a953e6cd6a31cde67942d66ee319e959809918cb3d682
SHA512

7249dba40fd59a2170076376d5841377a2d2f8c35ed2e47a70aabbc018dce5309647086134ef21786a5105812c6263cd4ecf416c7e26cb03fe6b60a28d91dfc7
SSDEEP

1536:1FxoYJnxa01TDylTfccs5aRMcscF80/5wPntb8jMojLSdAB9gJ+j:1LoYJT5mlT3sSMcscmY5wPB8MMSdABKs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ff2be6196a0ed958097db8870ef5481_JaffaCakes118

Files

5ff2be6196a0ed958097db8870ef5481_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

39997e5d1dc249474a959b6d73db1533

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
ScrollConsoleScreenBufferA
CancelDeviceWakeupRequest
GetProcAddress
SetVolumeLabelW
RegisterConsoleVDM
GetComputerNameExA

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Oiknlgc
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 77KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ