63b639b63d160f4bee6f6f288f44baa6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63b639b63d160f4bee6f6f288f44baa6_JaffaCakes118
Size

81KB
MD5

63b639b63d160f4bee6f6f288f44baa6
SHA1

be0792fccad3bd45edbb784f2c688dac1e548090
SHA256

352dec4262ef506bf3a9b57a7c53a24d2c739c55d51a52999a09b8bc25c4361e
SHA512

6190bb7c6fa37ce9ff91d32ab94db3043aa96a0a54c21e0550b6fb56101e3338a2549ce41108bd3ee686632b9bf2ebe7de66cfc3a88fbe8405c5e3581592011c
SSDEEP

1536:smM2H5i25IBl4DMN+nTrsnl1CDFJ5GZALrpXVZFeKclPSnoguPf+/9PdEN:9yxN+Trsnl1CBmZALlXI0lPE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63b639b63d160f4bee6f6f288f44baa6_JaffaCakes118

Files

63b639b63d160f4bee6f6f288f44baa6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f287fd6bfed6cb699b37f724e5b2939b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
GetProcAddress
LeaveCriticalSection

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Aibknco
DllMain
DllRegisterServer
DllUnload
DllUnregisterServer
ServiceMain

Sections

.text
Size: 78KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ