81d6d73d53c20918f082f1870bd63364_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81d6d73d53c20918f082f1870bd63364_JaffaCakes118
Size

101KB
MD5

81d6d73d53c20918f082f1870bd63364
SHA1

64a2c20ad10299f8dc4649d257a13349b141f0c2
SHA256

6c4f84a5aafad89ce5d81f9e3efed5c5613eac320da4ebe4b46da1ed07fa309a
SHA512

a649107e989b69c8dd16b5ceb4697851d0d4a396ee66bc829917d3b0c969a30dd73e12d3e13cbb68b82f3c6b1f9cc1dbfd18a8f16982c0c7711afafcce3336fd
SSDEEP

3072:whAbejoaIeiEvlGzy6HB3Avu23tBNLPTyRUHf9nrr:1CjdMy6HB3u3uRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81d6d73d53c20918f082f1870bd63364_JaffaCakes118

Files

81d6d73d53c20918f082f1870bd63364_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

afb4bd20c7ed6e4f96887db357ac0d87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
GetVolumeInformationA
GetConsoleTitleW
GlobalMemoryStatusEx
GetProcAddress
GetPrivateProfileIntA
FindFirstFileW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Igkcngi
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 98KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ