8d70f8ef119dcaf361a71c3c8e1495e3_JaffaCakes118 | Triage

Sharing

General

Target

8d70f8ef119dcaf361a71c3c8e1495e3_JaffaCakes118
Size

10KB
MD5

8d70f8ef119dcaf361a71c3c8e1495e3
SHA1

de81a6646715ed79e4b501d2f5bd20af8aef5c88
SHA256

d9889c0d13fe3a775cb36640e657a2692885ca8ac2f152f4304b281fd5f1be0d
SHA512

a47da1bccda4f94c9979bd4dadf46813d8b4a321b0fc6f91d2c9a44a7652f37529e42721f26753ffd034e23f59b5656f1f3454c52713b5f84e0e7488bffaf5be
SSDEEP

96:3NlTuOiTxS9SQhuj9jBGhTe3QcltHa92EEMqKqPJwRJwHY+ik1KHf1j8e29nqvg6:3KvQYEhigc49ID3Rg3+j1n9nqaAic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d70f8ef119dcaf361a71c3c8e1495e3_JaffaCakes118

Files

8d70f8ef119dcaf361a71c3c8e1495e3_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cb9fc98a5d2b1a840fee1a63188f5164

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHDeleteKeyW
SHGetValueW

msvcrt

??3@YAXPAX@Z
wcscpy
??2@YAPAXI@Z
srand
free
_initterm
malloc
_adjust_fdiv
rand
wcsstr
wcslen
memcmp
wcscat
??1type_info@@UAE@XZ

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ