72a58c15e505dad9d0c63d9d6a11a143_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72a58c15e505dad9d0c63d9d6a11a143_JaffaCakes118
Size

36KB
MD5

72a58c15e505dad9d0c63d9d6a11a143
SHA1

dcbd1e3f34f5656489018865e54f6a047b8ecf07
SHA256

d7b1b44cda47e746532128f6056271851b8c5838c4e6814ddedf20beb7b8de5c
SHA512

d26dfa0f8f24c13d50f8b4fd3e0c119385a5e181e8340269dd096bf766a292c1ab9b3899388d0ab0039b29eb6ed29f79863f6f92d9bbb948c2ec9461577a28ff
SSDEEP

768:1OeFfwPA6V1I1BVeIoOCF+uMmr30DZQe7+7SDr:UeFfwPA6V1I13oOC8m70DZ++D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72a58c15e505dad9d0c63d9d6a11a143_JaffaCakes118

Files

72a58c15e505dad9d0c63d9d6a11a143_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8745042c5e01bfb3118a070483c9092a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetModuleFileNameA
InterlockedIncrement
WritePrivateProfileStringA
DeleteFileA
GetSystemDirectoryA
GetProcAddress
GetWindowsDirectoryA
LoadLibraryA
GetLocalTime

user32

FindWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
PostMessageA
DefWindowProcA
CreateWindowExA
ShowWindow
CallNextHookEx
RegisterClassExA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

_initterm
free
__CxxFrameHandler
strstr
strrchr
_access
_strlwr
malloc
_adjust_fdiv
_stricmp
fclose
fwrite
fopen
sprintf
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

DllRegisterServer
DllUnregisterServer
RSTRCEvUKL
jcVKWsA
volLjBCHpUx

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ