aa428ece5b56f9cfcbc411a2c52e3396_JaffaCakes118 | Triage

Sharing

General

Target

aa428ece5b56f9cfcbc411a2c52e3396_JaffaCakes118
Size

9KB
MD5

aa428ece5b56f9cfcbc411a2c52e3396
SHA1

d2358c520ffe85babcab4d46c921a7b4b2123088
SHA256

bd7d81b8d9cc268585cc7abd5b389d276a608f3115f49829ab147835231d0b20
SHA512

e5a2f9f1ec3a78d00e346931272e713daeee9f7c89815282444e810bc33861b1aa49bccd49ba6290fd05309c0df0c73f38e3c50cd7f8970a6ad78376ee77994c
SSDEEP

96:L/doFb+3/fnX2CKIqJbMLTxCrFhsMdnCsEA5tRFyfaU6mW377SpvGMXLB:LGM3/3jKMLTMFhsKEA5tTyOzrMGMV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa428ece5b56f9cfcbc411a2c52e3396_JaffaCakes118

Files

aa428ece5b56f9cfcbc411a2c52e3396_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5aa9600270c7a740566a98f13d6e4e13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UnhookWindowsHookEx

advapi32

RegQueryValueExA

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE