76fcdc57bf2a76e520984d83e7686889_JaffaCakes118 | Triage

Sharing

General

Target

76fcdc57bf2a76e520984d83e7686889_JaffaCakes118
Size

101KB
MD5

76fcdc57bf2a76e520984d83e7686889
SHA1

b1b7b69cf328b0e1bdb20529d0c52b78d1327c3a
SHA256

5552de74e6c232fccb9c8ca6ed5561c07039471b70f075b57ffba7618d8e2d0d
SHA512

bce02905985ee912111a7cdd8a70079dcc06280e1893e389d1cea4fc71795128bb5cd7216720b1f56f9e23b683bbe03524ab6132b0148c654a47f1bbeff6c30c
SSDEEP

3072:cIw1CYsTJ4F9GYr6lY0wTArmB5LjDlt/rq3F0r:8vyJ43wY0chj3Dvr6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76fcdc57bf2a76e520984d83e7686889_JaffaCakes118

Files

76fcdc57bf2a76e520984d83e7686889_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

727e530eea0f68bba57b4769aa029c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

MulDiv
LoadLibraryExA
GetProcAddress
QueueUserWorkItem

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Edkgblf
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ