a4713973f9a1046bb4b9247a520ac154_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4713973f9a1046bb4b9247a520ac154_JaffaCakes118
Size

101KB
MD5

a4713973f9a1046bb4b9247a520ac154
SHA1

e4b5db37b81dfe11967a971bfec909d607270bc7
SHA256

0dd531a4aa9bc6f6db0167ed4631913607db7489b433f92cbf2487a00796a57a
SHA512

84cc9350d7e787ecc12bfd9b8413a410bc05494d4b9c77b36992a30e70aeab099928ecf3820f874692e8d2f29d4f526ac7e9af62b344a56d8d3656b85d8da561
SSDEEP

3072:VRY32/l81dMLmPI3pVn2cCt8nouIufoMJTnnAG4QY:VR8dMUKpVn3k8o0foMJDA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4713973f9a1046bb4b9247a520ac154_JaffaCakes118

Files

a4713973f9a1046bb4b9247a520ac154_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

afb97bdfca88fddcaffa789719dfab56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
GetProfileStringA
RtlMoveMemory
GetProcAddress
SetConsoleLocalEUDC

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Moionci
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ