616a41e09fc404f3c05f3da013d63bf9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

616a41e09fc404f3c05f3da013d63bf9_JaffaCakes118
Size

12KB
MD5

616a41e09fc404f3c05f3da013d63bf9
SHA1

dc3e58861dfba32d7c09d9fa6877d7080976f9b7
SHA256

7f0480f43e7bfe78dee17e30d2a2c77b4acebf379fb93705e118aed2ebe3318d
SHA512

3b3d826d9d563d7cb4d7d9bb93afeab4d2f15a903e0a48f3f97a00c40fe31a5f97ed93c7d01f671c4588413d6f1d9d07e334c9a911480db1d87c69d56c4108b0
SSDEEP

192:oibqkp9V/8F9+NViY/BaGTKFc4sBEGBnP8f5wd7Iceqq/MCRm0:VqkpvMqYGTKJKYOPe9pw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
616a41e09fc404f3c05f3da013d63bf9_JaffaCakes118

Files

616a41e09fc404f3c05f3da013d63bf9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f948eef4f3564c57248a3385f018f1b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrlenW
GetSystemDirectoryW
lstrcpyW
lstrcatW
GetModuleFileNameA
MultiByteToWideChar
GetProcessHeap
FreeLibrary
PulseEvent
CompareStringW
HeapAlloc
HeapFree
Sleep
RtlUnwind

user32

wsprintfW
CharLowerA
BeginPaint
AnyPopup
GetForegroundWindow
ShowWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ