6a584b0cf9a2e0c993f3c72407c7403c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a584b0cf9a2e0c993f3c72407c7403c_JaffaCakes118
Size

125KB
MD5

6a584b0cf9a2e0c993f3c72407c7403c
SHA1

b9d51be23d9ce553f44310856ecc4c3e312cadbc
SHA256

fa46128667e1598dffd136ba99f297ad34bd62843ea74d2e64d3d13f3a96de65
SHA512

c8a8dd2ef33abba609792a236500232229dda22c0de67dc6ad5161939ace77b30a5974ba4995e1a5cf0dfb2da78f2fb0b2dd75de8c14cd757af412510d9eea13
SSDEEP

1536:H9yDj+x44hfgroSKRDoTDp3tj9hXZDRYSMJJVSzKD7DJjAJuNswZs2PTdaPZHobF:KCS4hqKSvPZlPFk7Dl7NhPB2ZH8AW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a584b0cf9a2e0c993f3c72407c7403c_JaffaCakes118

Files

6a584b0cf9a2e0c993f3c72407c7403c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e58bae9c83e6801877ea58513487c16a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

WSAStartup

wininet

InternetConnectA

shlwapi

SHSetValueA

mfc42

ord800

msvcrt

??1type_info@@UAE@XZ

user32

LoadIconA

gdi32

CreateCompatibleBitmap

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

ole32

CoUninitialize

oleaut32

SysStringLen

urlmon

URLDownloadToFileA

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SecurityMonitor
ShowSecurityDialog

Sections

.text
Size: 94KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE