67ab59db95258360b94c3a72cb7e6bf6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67ab59db95258360b94c3a72cb7e6bf6_JaffaCakes118
Size

14KB
MD5

67ab59db95258360b94c3a72cb7e6bf6
SHA1

7969e8990546f358e3605e00d3bafb7a78c397ad
SHA256

107c5ef0b14f95d3d9a428fd51108afb06064e3f224f77a4fd80b89ed906bf8d
SHA512

076ea837963dac5b5b65699b461963e87a5854a70e779b6fdca14834dd59c66ea4451c2ce38d5331f1bc2cbba3ae701794f0eabdf3b78a5b13a489de031ee2c2
SSDEEP

192:C3lyG2wPj5q86I+UiK4Tco6vkhAS+Kn3+yGicsVrt/RJ5wuN8:c0G2Yzl3HKuy5FRB6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67ab59db95258360b94c3a72cb7e6bf6_JaffaCakes118

Files

67ab59db95258360b94c3a72cb7e6bf6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

076610bcd097d38a3bb8d5b36703c29d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
GetVersionExA
lstrlenW
lstrcpyW
lstrcatW
lstrlenA
MultiByteToWideChar
lstrcpyA
lstrcatA
GetModuleFileNameA
CloseHandle
SetEvent
GetProcAddress
CompareStringW
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
RtlUnwind
lstrcmpA
ResetEvent

user32

wsprintfW
CharLowerA
DestroyWindow
ShowWindow
AnyPopup
IsWindow

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ