954001fe0768b3315e10f1f6b6a4164c_JaffaCakes118 | Triage

Sharing

General

Target

954001fe0768b3315e10f1f6b6a4164c_JaffaCakes118
Size

100KB
MD5

954001fe0768b3315e10f1f6b6a4164c
SHA1

805d827bc4b56ae5758ab2e5d9103d71c91a4115
SHA256

529705838f3d74506b83328e09933bf17749d3936130822b606a13a48b021bed
SHA512

eb69db5dd8e2091a7486107465bdc44c3f6555fc1146b690db275537e4773f8e405cbffa3b578372757f373b90051a3a131a04e7c6cc4cfb7eeb76ee7484c231
SSDEEP

1536:K7IWuDXl9Ff1e9KV3fBfxkPZ90Yl+mx4gS0awVWxD0uQwwEkF73XwdW:KTsFf1eo5JkPZ9d+217euu/wBXoW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
954001fe0768b3315e10f1f6b6a4164c_JaffaCakes118

Files

954001fe0768b3315e10f1f6b6a4164c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1b87e0030b80dfdb48f4836accb82677

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
GetProcAddress
LoadLibraryExA
GlobalDeleteAtom
GetSystemTimeAdjustment
IsBadHugeReadPtr
PeekConsoleInputA
SetTermsrvAppInstallMode

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Cgnoblo
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 96KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ