91b0560f70ede78e8e329089e1df0340_JaffaCakes118 | Triage

Sharing

General

Target

91b0560f70ede78e8e329089e1df0340_JaffaCakes118
Size

331KB
MD5

91b0560f70ede78e8e329089e1df0340
SHA1

f3404d3d5e76b1567d70735c9040dff5fa71ff5d
SHA256

01183168d873adc71a7bf0f1c17de45a004537c9c680b948da771606d414c52a
SHA512

d993a322c47b52d0f1745922cf079d95adc94cf9faaefc52b5b017fdd7880d2093e3000f0a4c1436e11284b7d60409716929ccedaea038dcfeac476e5e9ed8a8
SSDEEP

6144:/gOXktvhhOU35RJEesNr3wU7HuAmHKmlEwrPmRPWEpWFn2E6lyD:dkvhhOKJETRByqTwr03pdf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
91b0560f70ede78e8e329089e1df0340_JaffaCakes118

Files

91b0560f70ede78e8e329089e1df0340_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

86fbdc19e7cee8cd7d94d1a822db2bf6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrcmpA
lstrlenA

winmm

midiInReset

oleaut32

VarCyInt

user32

GetWindowRgn

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnRegisterServer

Sections

.code
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE