78d9c5ba8664306276158ee4ddfd38fd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78d9c5ba8664306276158ee4ddfd38fd_JaffaCakes118
Size

122KB
MD5

78d9c5ba8664306276158ee4ddfd38fd
SHA1

b71d397480af885cabe72e6234b49661db0c6c5b
SHA256

a771a3961d10a885b78c22d59e2e9506c4a99a6b89914a57ae1b6170139979d6
SHA512

4c7e1fc56e7cb904a5fd8968e1cb73bafddf78c01cc43077225207e566db6a1693811bd21121d1c909fe26deb3712a1b8892fe019559a09b279232f80df186bf
SSDEEP

3072:wOZzyv184TaNGHBBnnnWt4dOwN5140NN3CxGDobtR:wK4a4uEDnnnW+dXN5yIN32GDobtR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78d9c5ba8664306276158ee4ddfd38fd_JaffaCakes118

Files

78d9c5ba8664306276158ee4ddfd38fd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b15ba861f10ebd4575830a1c6c6aae4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetModuleFileNameA
lstrlenA
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
lstrcatA
SetEnvironmentVariableA
LoadLibraryA
lstrcpyA

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

msvcr71

strlen
__dllonexit
_except_handler3
__CppXcptFilter
_adjust_fdiv
memset
_stat
_makepath
_splitpath
_onexit
free
_initterm
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE