856f45c5a0215b640991906cb923fa63_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

856f45c5a0215b640991906cb923fa63_JaffaCakes118
Size

11KB
MD5

856f45c5a0215b640991906cb923fa63
SHA1

9b896f64c04dda684f0d86ff099fcfc9085cbab9
SHA256

575e8d711b5f7c64486a2df65f2a5845266fb305c6424862fc9cbcd7ec1bffc0
SHA512

fe8f3c4de7123575932cefdf4fe73210c86ba8793f0928cdcf4babcb4bcd732f3fee1e94a838e0007ff21f09cdf5ae38cf4a58d83d7c8fdfe2b08c2e936205f7
SSDEEP

192:n2ffuyp1nHcj+6ZHearV0EGBwKy+UMukrjjNL/Rtm7tWatDZ:nK0VRKwKyMNjRRVa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
856f45c5a0215b640991906cb923fa63_JaffaCakes118

Files

856f45c5a0215b640991906cb923fa63_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c9ec57640d7ba959cdf55734d21e4afc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrlenW
GetSystemDirectoryW
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
SetFileAttributesW
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
WinExec

user32

wsprintfW
CharLowerA
EndPaint
ShowWindow
AnyPopup

gdi32

RestoreDC

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ