856754843fa1357befa5df984d6b122a_JaffaCakes118 | Triage

Sharing

General

Target

856754843fa1357befa5df984d6b122a_JaffaCakes118
Size

11KB
MD5

856754843fa1357befa5df984d6b122a
SHA1

ad4558d5c3a04cfbddefe89d890a3eb6b97d49c3
SHA256

f0056035841fad01d92421a2cfe701a7887461ab0a5fb75f60bc77ab0ddaac93
SHA512

e40108ead4baf726b914ff9c24170f889fdb8a9e1b5a1ffb36292bae319cab4be155d9806eba50a6b48a67cb8f066c9f3e5673110663e0188c05eba02a5e5e73
SSDEEP

192:DalXYCVU9w73pvqR58Sm9rcnre0jrV0EGBwKF10f99LZUwWKxe/RdRQBfH:DwXt2G9M58m7VRKwKdBK8RfYH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
856754843fa1357befa5df984d6b122a_JaffaCakes118

Files

856754843fa1357befa5df984d6b122a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5f15dff600ae1cd4980ade49df5ebd5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GetVersionExA
GetSystemDirectoryW
lstrcpyW
lstrcatW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
FindClose
GetProcessHeap
HeapAlloc
HeapFree
Sleep
RtlUnwind
lstrcmpA
CompareStringW
FreeLibrary

user32

wsprintfW
CharLowerA
GetForegroundWindow
AnyPopup

gdi32

SelectObject

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ