783b01f6fb5f7054db801f967dddefbc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

783b01f6fb5f7054db801f967dddefbc_JaffaCakes118
Size

119KB
MD5

783b01f6fb5f7054db801f967dddefbc
SHA1

c57ab66c10ccbe4ca7a00e388ad6c7f2572e8da0
SHA256

2b412ab0aa414119509967278fc381a1ee9803f7237e36d0d58286b3eeec8c49
SHA512

cd245386c655e97e7f5e333a41303502466215660dc4a005832eff1201e6706cb1fafcb40c28c2076384580f3ce66405c3461f59e1e1227b8fb1e595f39bc645
SSDEEP

3072:sOOoW88gZyQadj8vVTDV0jOOsbYZlteq71lfIOW+Mu/:sOOov8g0Qp9TDKyO4YZCilfI5G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
783b01f6fb5f7054db801f967dddefbc_JaffaCakes118

Files

783b01f6fb5f7054db801f967dddefbc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

21392eb9068d8b1650380b647bb49bde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

RegQueryValueExA

shlwapi

StrRChrA

urlmon

URLDownloadToCacheFileA

rpcrt4

RpcStringFreeA

user32

EnumThreadWindows

oleaut32

VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE