a1984515e6120612765075612bbe2eaf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1984515e6120612765075612bbe2eaf_JaffaCakes118
Size

12KB
MD5

a1984515e6120612765075612bbe2eaf
SHA1

d403c50c2bd304192451e9d412d0bfbfcbcdeffc
SHA256

eec3f3c567c5bce7a20569c163c1dd128889e80ebf907fc2f610532636c3ec79
SHA512

5b4b10e2d02f8923c44787bc8d8d75496a8cac726d89f4670f72e172dc065404b355fcefc8f46bb235df4f7ba704facd07f2f30bf08ed5dfe4fad2f00402b130
SSDEEP

192:M8zyAEQ4A1+WQXVYBq8tQQvlqYCKqqAe8T9TwC5:MZPXVYBBtQCIYCmi9MC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1984515e6120612765075612bbe2eaf_JaffaCakes118

Files

a1984515e6120612765075612bbe2eaf_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

4c2142d95ec5d2e76e35865fe597f895

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyW
SHSetValueW
SHGetValueW

msvcrt

free
??1type_info@@UAE@XZ
malloc
_adjust_fdiv
??2@YAPAXI@Z
wcscpy
??3@YAXPAX@Z
srand
rand
wcsstr
wcslen
memcmp
wcscat
memcpy
_initterm

user32

wsprintfW

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
ReadFile
InterlockedDecrement
InterlockedIncrement
SetFilePointer
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ