691be4fa99c2086411adfcbcbcf978c5_JaffaCakes118 | Triage

Sharing

General

Target

691be4fa99c2086411adfcbcbcf978c5_JaffaCakes118
Size

100KB
MD5

691be4fa99c2086411adfcbcbcf978c5
SHA1

9cf003f67c2f9901d2790aa203c5e8c0852ea527
SHA256

f8b6bba8d7208a1c7d0001206d5c616760c4aedfc8fd79dd742b6798a04261bc
SHA512

744636a50fab31ea361c543db6cd3492b7a52284280aac0bba9b6357900258f3cb78bfd7f423f9141bfcf43d8bd398efa23a9c71e75cb2036e81cb1430430ec5
SSDEEP

3072:oG25Iulg/Wb42FHd3A0QVpc2os/ZzhurM8u1:oG2yiWW02BqNVpj/ZUr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
691be4fa99c2086411adfcbcbcf978c5_JaffaCakes118

Files

691be4fa99c2086411adfcbcbcf978c5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

40242e785cc60bebf83ef6a3b3c63abf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
GetProcAddress
lstrcatA
SetErrorMode

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Gakncpl
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ