6fe221d73cde795270c5872a6e3655cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fe221d73cde795270c5872a6e3655cc_JaffaCakes118
Size

97KB
MD5

6fe221d73cde795270c5872a6e3655cc
SHA1

e88b25a88a101290a0909e5b80ccd249d93a0cb3
SHA256

d7f08a60858cadc407f7c17b556ccdd29ab8ef33e21246811313326260f007f4
SHA512

e9807fdc332a83075aa31757fbacfdb20e609c29120223d097bd35242ea67504e0d11be39c85fd56bdf1ae804189ffb5d4f777ffb272117aa3a5e566f6e1a634
SSDEEP

1536:yBVnkx/Ug7dTfuNf1LZx98IixfX85zr29NGl8d19kAM0CpxGoz/7vvD3MXuQhCm0:KVgx6JY5SPlokAk//nD3VQxTz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fe221d73cde795270c5872a6e3655cc_JaffaCakes118

Files

6fe221d73cde795270c5872a6e3655cc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a670c6f60cc7975bc93d8b1d045fecd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateJobObjectA
ReadFileEx
GetProcAddress
LoadLibraryExA
OpenEventA
SetErrorMode

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Honglom
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 95KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 398B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE