833a67f2d61607aa3f76cb166f3a8e61_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

833a67f2d61607aa3f76cb166f3a8e61_JaffaCakes118
Size

10KB
MD5

833a67f2d61607aa3f76cb166f3a8e61
SHA1

ed54c5952d81508c839d876204458926d4cf22b6
SHA256

117126332113fa183be37df5942faeba207f64f6c4644763ffd840a69cf8158c
SHA512

f2edadd4487aad372bd0a7da28e8a6e13115c271c0ba795361ed11bd2c11107d078ad1dac2e7803cf48032d4890ca8fac13b6c9b23ce8488f6fb46a13d2764b0
SSDEEP

192:GXgff/0g1EW5Q4SLYb8p/rV0EGBwKy+PSYjL6+jm//Rv8:GX0R8hVRKwKyYw+QR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
833a67f2d61607aa3f76cb166f3a8e61_JaffaCakes118

Files

833a67f2d61607aa3f76cb166f3a8e61_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

10291d4c86151e3bcc30c39a5db2bc3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
SetFileAttributesW

user32

wsprintfW
CharLowerA
ShowWindow
BeginPaint
EndPaint

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1006B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ