689a2372af046620cb7aafb54346a98f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

689a2372af046620cb7aafb54346a98f_JaffaCakes118
Size

102KB
MD5

689a2372af046620cb7aafb54346a98f
SHA1

1ca97cccd58c44ddb6d11a61a5f1efd352620f17
SHA256

3c4bae98224a0b235fe0f729d4b8d36c8363baf2631c292c9e2babf6b41e600d
SHA512

073c99e580ebfaa966238039591055c58ddb19c05781030da79e7e7fb7c55176fae84f05fdb3d507c91df02d8ad01a59b3221509c2c2c55216760ea952bdfb4a
SSDEEP

3072:QTbE1BQadFW0yUeKsuzv6ZzWJFCc0WD0NUgvS:Q8swF9sLu2Z6JFKUg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
689a2372af046620cb7aafb54346a98f_JaffaCakes118

Files

689a2372af046620cb7aafb54346a98f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

80f439517258c0525c42aad422c8876f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStartupInfoW
GetProcAddress
LoadLibraryExA
GetSystemTimeAsFileTime
GetProcessVersion
GetProfileStringA
CreateToolhelp32Snapshot

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Fomanmd
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ