85ff018a27fd59c894ac22423e9382c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85ff018a27fd59c894ac22423e9382c1_JaffaCakes118
Size

89KB
MD5

85ff018a27fd59c894ac22423e9382c1
SHA1

6fc9a903a83130103e9672e2cf5c2f0ff978eedd
SHA256

37e76182ae4d284c7fd3b3dff97d586b03fa5965a7468abeefce395c100e0396
SHA512

b262c130400e7ed311a86a560e2d31ec354b32c9151bcfdbc9385718cf183d691bba242b60ae1e741d901c0882f30fc517cd16c3fa24e75015dcb66ee52f1be3
SSDEEP

1536:mmckgxZbT8nrvXtSGROEgiw/Iz0L/Ry8sBbzvvXgQ2atXgK1FXLPEnHKF8dBx1la:9sZn8rvX4GRL2g0DRyRBvvXgQ5tXg8EE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85ff018a27fd59c894ac22423e9382c1_JaffaCakes118

Files

85ff018a27fd59c894ac22423e9382c1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a4cac50beca524c256815722e63224eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetOpenA

urlmon

URLDownloadToFileA

user32

RegisterWindowMessageA

gdi32

CreateDIBSection

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

OleRun

oleaut32

SysAllocString

msvcp60

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z

comctl32

ImageList_Draw

msvcrt

realloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 81KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE