666cc311cdc5cdef7cdc4e27ee000d20_JaffaCakes118 | Triage

Sharing

General

Target

666cc311cdc5cdef7cdc4e27ee000d20_JaffaCakes118
Size

58KB
MD5

666cc311cdc5cdef7cdc4e27ee000d20
SHA1

0aa8f4819c04d212dc92db560b537c6443504c35
SHA256

d276ff2b741dbe9bf26f31de47e905be9364efd4f773e7356256580ae513f4d5
SHA512

8557c17e1c288bf762e1b2b564b814afbebea3ffc30e70888c434662fff327acec18ea23be2e7b81300cbb5d58b7f77aff6ca111160ba4b2070a97177b082907
SSDEEP

1536:55+vsAEft7Wnk7sUddeO+cLj9vXt6U/j0yyDe1:55+UNtWUde6F6UwxK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
666cc311cdc5cdef7cdc4e27ee000d20_JaffaCakes118

Files

666cc311cdc5cdef7cdc4e27ee000d20_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6905da3a890e42f208c5f00902298a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

wsock32

accept

user32

EndDialog

ole32

CoTaskMemAlloc

advapi32

RegDeleteValueA

oleaut32

SysAllocString

gdi32

GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

pec1
Size: 34KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE