a533655d1cac2fc7d87a69360b837fb1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a533655d1cac2fc7d87a69360b837fb1_JaffaCakes118
Size

72KB
MD5

a533655d1cac2fc7d87a69360b837fb1
SHA1

93120907efe3e681f08e93c43f23985760625d17
SHA256

aabcac0b6de5ee88a71d2ec13b739c2855a28094e293fc3b514c9af3fd8e33e7
SHA512

2347abc27a215bfa68b8eccbe8e2a64727fc2f26c7e449222c33c93549055b57f12308d597746595710eaf89565f3e0d87e16f6778103b8903c0f092c43cfe94
SSDEEP

1536:LofUqBpznk4FJX9pj91YlcyieJ0+snftrgjzBe59:Lo8qBdntJDjgRJXGUJc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a533655d1cac2fc7d87a69360b837fb1_JaffaCakes118

Files

a533655d1cac2fc7d87a69360b837fb1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

934dab0d7bd74af24170281bc63f8b28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

FreeSid

oleaut32

SysFreeString

shlwapi

SHDeleteKeyA

user32

CharNextA

wsock32

send

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain
WLEventLogoff
WLEventLogon

Sections

.text
Size: 70KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE