aa80f6186d1aa6f82c1ad62c69b73d60_JaffaCakes118 | Triage

Sharing

General

Target

aa80f6186d1aa6f82c1ad62c69b73d60_JaffaCakes118
Size

99KB
MD5

aa80f6186d1aa6f82c1ad62c69b73d60
SHA1

2852438ef0f0abb37292c3ef53dd73c11e5a3517
SHA256

12cbc687ec8daa5d548a5d7d28985bcb63113dc8e5cb3f335afd2d725ba7e864
SHA512

5a7915a367ba48099049da40d0c13ddfdf8f632b3878e8475c0eef425dc327007da2228ed7b66b8a95144fbc85ddd369c3fbb72c3bbaa728b28730e412326a80
SSDEEP

1536:7dnVKnUcHDAX5r5LCsVn8AFetgNIcxWpnnlXKg1KGfukQOBDB9LQKCWF1E:7KUcEpr5LCk8KIqWlrLPt9PCj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa80f6186d1aa6f82c1ad62c69b73d60_JaffaCakes118

Files

aa80f6186d1aa6f82c1ad62c69b73d60_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c50e34718bcaff2a32a1f5478c543247

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
GetConsoleAliasesLengthA
FindVolumeClose
SetConsoleKeyShortcuts
GetCommMask
GetComputerNameExA
GetProcAddress
FindResourceW
GetProfileSectionA

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Ckhgmac
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ