a58c3b725b11338d71b0e8b88ecf41eb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a58c3b725b11338d71b0e8b88ecf41eb_JaffaCakes118
Size

17KB
MD5

a58c3b725b11338d71b0e8b88ecf41eb
SHA1

ec262ec3ed1225f10ce16ad474a9b6cb5779efc9
SHA256

d7feaf17ef1bd83c5a53002eddae1a9533bd89ef19e9641ba6c099ee03484f7b
SHA512

c6499e26a89daa9aaf8896a34458c221401224abfe7e1bda6259d7e6032d770aeb1ca511f15867e5ef605fd6756f8f65dd372f1c625b8ff9c43806a4a4a87248
SSDEEP

192:8XUHMZcQeWYx7jPpnANw3TEJkzNuBwTUkiZpagoLVV33tXZKvnQHuanVqan+ZVLU:RO0x7jvjrBZg6g8rVkvAnVq1hBDf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a58c3b725b11338d71b0e8b88ecf41eb_JaffaCakes118

Files

a58c3b725b11338d71b0e8b88ecf41eb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

61e5c92ad2d0118f34509148e7b07907

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetCrackUrlA

ws2_32

recv

msvcrt

wcscmp

atl

ord30

user32

IsWindow

oleaut32

SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE