8747d7ecc6989e85ca6f48033f527361_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8747d7ecc6989e85ca6f48033f527361_JaffaCakes118
Size

100KB
MD5

8747d7ecc6989e85ca6f48033f527361
SHA1

ad99293c7e6356bf27d624fc784962750d8e1da7
SHA256

48f4dec77733d98be7ae0a0ba723fe31d5420b6e9f4cd3a8169c4d7fa8164dcc
SHA512

198f3221fbb83ef4ec8ef23f823419c1ad85e3d0ac090fa8465517bb166e0e8fea593af580061964cb7202c4948b736b1beee3e93a16c44bc5dad9df8a36ff97
SSDEEP

3072:1uT3enKzRGpLEEKlelKh+2saqs8GNMT66jqzluB9D:1uT3eneGpQEKle0h+faqsoTfezlY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8747d7ecc6989e85ca6f48033f527361_JaffaCakes118

Files

8747d7ecc6989e85ca6f48033f527361_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cff8c3dc9d3b3202ca7764d84972aa0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

MoveFileWithProgressW
FillConsoleOutputCharacterW
GetProcAddress
LoadLibraryExA
DeleteVolumeMountPointW
WritePrivateProfileStructA
SetComputerNameA

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Hpcmpmc
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ