73908100ceda93bb5ef88c7d558d1b27_JaffaCakes118 | Triage

Sharing

General

Target

73908100ceda93bb5ef88c7d558d1b27_JaffaCakes118
Size

20KB
MD5

73908100ceda93bb5ef88c7d558d1b27
SHA1

a879b0e934f738bba2a6b604f886db1e49d690bb
SHA256

520b9398736bee7650ce6a0243d4d69dcdb19ef1729a2e15004a7a3fc68258bc
SHA512

4cda58d0f5652cab34d7504597a0d0428d01102a74c6a972e58e2f691147d192bbc482f36062729e3b54ef47729bcd5b10747a011e06835714fcb9849f71effa
SSDEEP

384:y0bpQykYtfLULLAnTEv10VF6zz+GMR/cYcuN7EPKgMDB0Yx5Gof6Win9KHQMB9DV:D0luM+Hgs5S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73908100ceda93bb5ef88c7d558d1b27_JaffaCakes118

Files

73908100ceda93bb5ef88c7d558d1b27_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f548cc29fcbb9517e8ddd16b7faa9308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
MultiByteToWideChar
lstrlenA
ExitThread
lstrcpyA
SetEvent
lstrlenW
GetVersionExA
GetSystemDirectoryW
lstrcatA
GetProcAddress
WaitForSingleObject
LoadLibraryExA
GetProcessHeap
FindClose
HeapFree
CloseHandle
FreeLibrary
HeapAlloc
RtlUnwind
lstrcmpA
CreateThread
CompareStringW
CreateEventA

user32

wsprintfW
CharLowerA
wsprintfA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ