6799cd4e4e0fdea22fd3c707b711bb71_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6799cd4e4e0fdea22fd3c707b711bb71_JaffaCakes118
Size

79KB
MD5

6799cd4e4e0fdea22fd3c707b711bb71
SHA1

17097605ddf4136d1f6f75672eeaec85a6ff1b8c
SHA256

3ef4dd75264b957b41cccbddd7d6d3c75f61ee9ffac11eecf52312f566152f53
SHA512

346061d0b85bc24b3358c559de15880d07c7feeb58fd9d684715263ac97ba1f106c837f67de5e22a747edf49cb8de8bd06242b683209fa728dfea32f1918771a
SSDEEP

1536:qErl67A/Gdgly4JF6ypK44H5/PcrIo5CcGzf72ub7:qErD+dgZ1pC5nc0mub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6799cd4e4e0fdea22fd3c707b711bb71_JaffaCakes118

Files

6799cd4e4e0fdea22fd3c707b711bb71_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fa949d982047f6f0cc30f65376b7484c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
OpenEventA
LoadLibraryExA
GetProcAddress
LeaveCriticalSection

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

version

VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInit
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.itex
Size: 77KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE