69e5014081a9f3cd54c79329761057a5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69e5014081a9f3cd54c79329761057a5_JaffaCakes118
Size

11KB
MD5

69e5014081a9f3cd54c79329761057a5
SHA1

50e7378f44f46036b924f210e2c6380fdfc1e5b1
SHA256

9a5d4c53ee1eb3d1528df1d3eb86eda38f7ba439b14b97eed8f1e896244cd275
SHA512

86ea60da2f060ea94f41c55932c13bc767e8c40d69b6d49c056e21585cf62d9aeb10676f09f0d8adf4bc419a472303ede0698420ec63820ad379b567e680081b
SSDEEP

192:yGXCGm6WkZd+ercAp/qrV0EGBwKFDE3hy+k2Ml22Jd5Ai/RVFi:fyUe4EVRKwK0pMZJd5XRq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69e5014081a9f3cd54c79329761057a5_JaffaCakes118

Files

69e5014081a9f3cd54c79329761057a5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

30189deebc62f3ff687064ed39f9a0f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
GetVersionExA
lstrlenW
lstrcpyW
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
RtlUnwind
lstrcmpA
CompareStringW
GetModuleFileNameA
Sleep
GetProcAddress

user32

wsprintfW
CharLowerA
ReleaseDC

gdi32

DeleteDC

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ