61219208bdde0d73389e02dd53baf6f8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61219208bdde0d73389e02dd53baf6f8_JaffaCakes118
Size

56KB
MD5

61219208bdde0d73389e02dd53baf6f8
SHA1

c6b0175f6f242e1f1a682439ce1400f140ba22b1
SHA256

0ef4eb3f0c8cc7ff7b67f6cf1b172a01fb60e71f7ea1ba125cc996efb2b59151
SHA512

2248f7fa0350d1326ffe954bbdf7d0232d1cc2a7c998819d08a0e28dea5484e0ede13fb225d7a5d21d1616d56d8c743ab37d4d2255f812d2d110e4d33a6cd60d
SSDEEP

768:0dvn2PWRCE8vaky4Ilm9og64FUcrelXoO7gUosVQjv1BwKiTW3pUWsnuJQyYYWCE:onzReakyeog65NP7uqk9ppUNumOtA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61219208bdde0d73389e02dd53baf6f8_JaffaCakes118

Files

61219208bdde0d73389e02dd53baf6f8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8e73f8befc71b72ea97bfd9144fdf7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord941
ord800
ord537

msvcrt

_adjust_fdiv
_initterm
__CxxFrameHandler
_mbscmp
strlen
malloc
free
rand
realloc
memset
memcpy
_stricmp
_strlwr

kernel32

VirtualAlloc
GetProcessHeap
HeapAlloc
VirtualFree
DeleteFileA
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
CloseHandle
FreeLibrary
HeapFree
Sleep
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualProtect

user32

MessageBoxA

Exports

Exports

DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ