867fb5c1e481ca6f1338aae003e6ac90_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

867fb5c1e481ca6f1338aae003e6ac90_JaffaCakes118
Size

10KB
MD5

867fb5c1e481ca6f1338aae003e6ac90
SHA1

9864ccba12378b5e8276a612d7258935e76c8f41
SHA256

0b5f29502870ef59ff77db64a9f375c212f4e54ecdc82b640f2a17199bfccebb
SHA512

593038f2187585a6d2ea7d03f989848f23137875762c9ab293405f76a8ca47da39f8d80810533530497e1aa155cc69c62742380d2bcc3023474cd3cbaf696979
SSDEEP

96:3DlTuOiTR29SQhSusuQjBGhTe3QwltHa92EEMqKJAk8JwEAVJwESE+yk1KHf1j8G:347Q4Ehigo49ID/wgE+z1n9nq4Aic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
867fb5c1e481ca6f1338aae003e6ac90_JaffaCakes118

Files

867fb5c1e481ca6f1338aae003e6ac90_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cb9fc98a5d2b1a840fee1a63188f5164

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHDeleteKeyW
SHGetValueW

msvcrt

??3@YAXPAX@Z
wcscpy
??2@YAPAXI@Z
srand
free
_initterm
malloc
_adjust_fdiv
rand
wcsstr
wcslen
memcmp
wcscat
??1type_info@@UAE@XZ

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ