a73e13c9756d90b458a8bcdb8aa8b904_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a73e13c9756d90b458a8bcdb8aa8b904_JaffaCakes118
Size

186KB
MD5

a73e13c9756d90b458a8bcdb8aa8b904
SHA1

a74b75955c8371690a3a640909b8b4e296c58947
SHA256

fcbe8dbf22a3e447af4c18254f53700feb21198aaca6eea21ea3fd3d963ce909
SHA512

b4bcb846ec7e5e751c6f7fc0719cf817182fafbbee5468362de6a9bb9d87b2e50049d8a56fb6cd8ed74d9786cfa54139a83784343617198e998beee0a60df9b2
SSDEEP

3072:DbxBSAA7MsV3wiA1NP5jUzl5bp0SlhwcQtCQNHhU25ByRK0Ny78a5ICQOp3Zg:DbxsT7M83wDTPli1p0SlepHC25kBpcpg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a73e13c9756d90b458a8bcdb8aa8b904_JaffaCakes118

Files

a73e13c9756d90b458a8bcdb8aa8b904_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cc24a2096850417928e230724cb75750

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

wininet

FtpDeleteFileA

user32

GetClientRect

advapi32

AdjustTokenPrivileges

shell32

SHGetFolderPathA

ole32

StringFromGUID2

oleaut32

VariantChangeType

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

pec1
Size: 164KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE