a0bb2fa1118ded15ef5f68946eaf883b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0bb2fa1118ded15ef5f68946eaf883b_JaffaCakes118
Size

10KB
MD5

a0bb2fa1118ded15ef5f68946eaf883b
SHA1

ad6e2d83117ecaf83fed1feb3a2f11c88c5b6871
SHA256

70a99e70123691b351fc82da184f373d8768363094769e5fce4d72d1258e72ef
SHA512

665d74a497b1afae34080141e3d0052c02955f130fc422ddb57176125c51e279aacf0b93dbf3d3bacbc0181cc59a4acec8ac51939caa45a6cb3fe6299c007bde
SSDEEP

96:YdiCTuOiTtW9SQhq7pjBGhTe3Q/QltHa92EEMlJwBJwowDEK8f1j8e29nq57Aiup:5nQoEhig/I49IswADEKf9nq9Aic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0bb2fa1118ded15ef5f68946eaf883b_JaffaCakes118

Files

a0bb2fa1118ded15ef5f68946eaf883b_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cb9fc98a5d2b1a840fee1a63188f5164

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHDeleteKeyW
SHGetValueW

msvcrt

??3@YAXPAX@Z
wcscpy
??2@YAPAXI@Z
srand
free
_initterm
malloc
_adjust_fdiv
rand
wcsstr
wcslen
memcmp
wcscat
??1type_info@@UAE@XZ

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ