829c31b02d09a138ed26ca8d3bdc28a8_JaffaCakes118 | Triage

Sharing

General

Target

829c31b02d09a138ed26ca8d3bdc28a8_JaffaCakes118
Size

10KB
MD5

829c31b02d09a138ed26ca8d3bdc28a8
SHA1

23de7261cd9fc27c95aba256a00f8d687d6e6e24
SHA256

0e140e72268fd1b6a3343b98160feaf7c5baf7ef6789785847712282be4bc7f9
SHA512

7a332b1bd9a58a34ff379d26ca167f5e2bd200197657a2e5f770d916f572f0ca95daba72cea793141c16ce388717afbda244e588844133b24250fac13b1e710e
SSDEEP

192:j3gffz7dI3m5AtSLYb8p/rV0EGBwKy+u/SBL66Zja//RR8:j30kD8hVRKwKyb3a0R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
829c31b02d09a138ed26ca8d3bdc28a8_JaffaCakes118

Files

829c31b02d09a138ed26ca8d3bdc28a8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e643cd95772b891bce5e50cffa2024e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
SetFileAttributesW

user32

wsprintfW
CharLowerA
BeginPaint
EndPaint
ShowWindow

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ