abdf2b96a9e81c5f49adfff04d07714b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abdf2b96a9e81c5f49adfff04d07714b_JaffaCakes118
Size

1.6MB
MD5

abdf2b96a9e81c5f49adfff04d07714b
SHA1

98bd6af63d06045d68f4a5c870a3acbc86469338
SHA256

0f6318fcf486a2ad919985fdb3a3f5724cbd85e55d402c75bf69292ea8e5f056
SHA512

a15ec2f75472b13e88afeebbf682846f519061252c05d4a3f253e5fcde9bbf3687cc562214552e2e4b1f27499972b480634f5c7f0724e0ca9ab651a77ffdf4de
SSDEEP

49152:unqBgVEOUBXwTYj7ezTdcl/2OzPuyHkbq4YDB:vsrmXqYO1ScGDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abdf2b96a9e81c5f49adfff04d07714b_JaffaCakes118

Files

abdf2b96a9e81c5f49adfff04d07714b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

27483f7cbd4dc00b724c419dad38701b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetPropA

gdi32

GetViewportExtEx

winspool.drv

ClosePrinter

advapi32

CryptHashData

shell32

SHBrowseForFolderA

wininet

InternetGetCookieA

oledlg

ord8

ole32

CoRevokeClassObject

olepro32

ord253

oleaut32

SysAllocStringLen

urlmon

URLOpenBlockingStreamA

version

GetFileVersionInfoSizeA

rpcrt4

UuidToStringA

Exports

Exports

?RunAutoUpdate@@YAXXZ
?RunEditor@@YAXHPADW4RfObjectType@@@Z
?RunPassGen@@YAXHPAD@Z
?RunShellWindowsWatcher@@YAXPAD@Z
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE