a7146b6fd629875b2dd678fe6976d8b7_JaffaCakes118 | Triage

Sharing

General

Target

a7146b6fd629875b2dd678fe6976d8b7_JaffaCakes118
Size

101KB
MD5

a7146b6fd629875b2dd678fe6976d8b7
SHA1

efe33dcd47e2b3db97b3c5cb1d62ff2555c2822a
SHA256

f227e675409508782396e18bb63dea7d1bb6225037cf3727011cc557fc5fc4f5
SHA512

df4ff0238173500d932ee09ea4ab39a01c73555b1f627a7091903f7c035499f90afccc4de505e2a90e03309abf2ca0a3ad706e12e8967291fc9bb4ae1bfa80f6
SSDEEP

1536:QoCsxITGjeKNpiOPtW/bEG/P+ThaI2k6weMQKZICWIQ1X+Ec6d7mdf5kBYXL5iZ+:5uHf73YEGU3pf5GLcZf9Pg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7146b6fd629875b2dd678fe6976d8b7_JaffaCakes118

Files

a7146b6fd629875b2dd678fe6976d8b7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

763bfd3ad4d178f20ccdf116152f037f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalSize
GetProcAddress
InterlockedCompareExchange
LoadLibraryExA
LocalFileTimeToFileTime
FindClose
MoveFileExA

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Ngnongn
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 438B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ