639b31b709f4ff2be3559ea0892d1071_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

639b31b709f4ff2be3559ea0892d1071_JaffaCakes118
Size

595KB
MD5

639b31b709f4ff2be3559ea0892d1071
SHA1

68e2aae5d616b204ab7e984a09d8cfc9b58b2cfe
SHA256

c455a988f508359e6adfc3b02501d2977bcb28dd08ef389256221b76254a31b1
SHA512

047295c8d9e51eb3140cf8b93035a018af4cd620332cb10b94775c5cc762e984f8df8680aeffcd90a015230bedc38cae79bf0835c75ebd03d160b89443cdc64c
SSDEEP

12288:7fdGFeXKqAjeKLuoELnA3sDHpRMGeMrtrCIVTSWlZlrVRt:7fdGFeXFALOvDEGeOJDGWlZVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
639b31b709f4ff2be3559ea0892d1071_JaffaCakes118

Files

639b31b709f4ff2be3559ea0892d1071_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c422aa8e12cfe2df983fcdbffccb520f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA

user32

CreateWindowExA
GetKeyboardType

imagehlp

CheckSumMappedFile

oleaut32

SysFreeString
SafeArrayPtrOfIndex

comctl32

ImageList_SetIconSize

imm32

ImmGetCompositionStringA

wininet

InternetReadFile

advapi32

StartServiceA
RegQueryValueExA
RegSetValueExA

wsock32

WSACleanup

msvfw32

DrawDibDraw

shell32

Shell_NotifyIconA

ws2_32

WSAIoctl

msvcrt

memset

mpr

WNetOpenEnumA

version

VerQueryValueA

gdi32

UnrealizeObject

winmm

waveOutWrite

avicap32

capCreateCaptureWindowA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 592KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE