85e21444afa039431e56d5db45fc1442_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85e21444afa039431e56d5db45fc1442_JaffaCakes118
Size

118KB
MD5

85e21444afa039431e56d5db45fc1442
SHA1

fb60bcdda9fd3c1191b6d7aa50e51197550b8968
SHA256

142fac809d1bcafe4333f478b0d72ba4e83d754699871dca197b0ff4224ecac4
SHA512

d369c865ba6b1c54a391e0e82385ddaa9e7b873c182df750f0f0f45432ec54bad96c28afe4418cf513bc55b64891ef3b55d633e50c636eada6ab8c3cd514224c
SSDEEP

3072:kSSImP12R4IhC0TTdmsAgwZLY/s3j52tkLtUaoEfRdOjL:kSjULg9JmsAgwZLY/EjtLfoEpdOf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85e21444afa039431e56d5db45fc1442_JaffaCakes118

Files

85e21444afa039431e56d5db45fc1442_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

21392eb9068d8b1650380b647bb49bde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

RegQueryValueExA

shlwapi

StrRChrA

urlmon

URLDownloadToCacheFileA

rpcrt4

RpcStringFreeA

user32

EnumThreadWindows

oleaut32

VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE