86012bc4cd6cd765e35c802a294b4aca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86012bc4cd6cd765e35c802a294b4aca_JaffaCakes118
Size

10KB
MD5

86012bc4cd6cd765e35c802a294b4aca
SHA1

5d854229e71f289f62b812dc580edf862fcecda6
SHA256

2fed37b30746bdaa58495986b53b6c67462b57918e5c6e629d5e1b9121b5aa6f
SHA512

1ca0780dee2eee8b4ef8c7a7f02585f0610a250c0aadf0441861c5512441b8efd7e225d53946e7639a5e4ab87c44cf9e6faf2b930978522ee3140d403b4228a2
SSDEEP

96:3OlTuOiThS9SQh2zVjBGhTe3QEltHa92EEMysPJwRJwb7E+2iTFf1j8e29nqQg9c:3zvQIEhigk49I0RgW7E+E9nqPAic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86012bc4cd6cd765e35c802a294b4aca_JaffaCakes118

Files

86012bc4cd6cd765e35c802a294b4aca_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cb9fc98a5d2b1a840fee1a63188f5164

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHDeleteKeyW
SHGetValueW

msvcrt

??3@YAXPAX@Z
wcscpy
??2@YAPAXI@Z
srand
free
_initterm
malloc
_adjust_fdiv
rand
wcsstr
wcslen
memcmp
wcscat
??1type_info@@UAE@XZ

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ