a5802a06e4dee3fe7e7e470a29150456_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a5802a06e4dee3fe7e7e470a29150456_JaffaCakes118
Size

205KB
MD5

a5802a06e4dee3fe7e7e470a29150456
SHA1

01d82d416096b9776313c930416662943f310654
SHA256

d9fe58131199a2fb8175e213d838a852655d92fece372676726ccb18eb54864f
SHA512

6eba4a9077b4c997b490db04ed40c80418682a51c77c7d1d84212ef51c7d410582df2e446d2b59942c8d46a8d60d87cae2b29008c9b9d55ced14fbd9faf3529f
SSDEEP

3072:TMg1/mVuoeYonh94ebQu1q8OMbHPtMXV1HwH6POdqXSa4QXvJ:wglSuYoj4uTeXq6HSab

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5802a06e4dee3fe7e7e470a29150456_JaffaCakes118

Files

a5802a06e4dee3fe7e7e470a29150456_JaffaCakes118
.exe regsvr32 windows:4 windows x86 arch:x86

cad309b4a9c3b11f7e7bf7a94e5d438f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RtlZeroMemory
ScrollConsoleScreenBufferA
RtlMoveMemory
VerSetConditionMask
lstrcpyA
RtlFillMemory
RtlCaptureStackBackTrace
RtlCaptureContext
RegisterWaitForSingleObjectEx
ReadFileScatter
CompareStringA
SetupComm
CloseHandle

ntdll

RtlIpv6StringToAddressExA
RtlSubtreePredecessor

user32

ClientToScreen
WindowFromDC

gdi32

GetFontLanguageInfo
PaintRgn
SetMetaRgn
DeleteObject
GdiFlush
GetBkColor
Chord

shlwapi

PathRemoveBackslashA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 847B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ