adbd4af1bb52978af6777ffab42d2d23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adbd4af1bb52978af6777ffab42d2d23_JaffaCakes118
Size

100KB
MD5

adbd4af1bb52978af6777ffab42d2d23
SHA1

ef6af78b0f01d1d0db13ed174ba7a0b172349288
SHA256

2490e88b8f0245b65dcd0932dfe275877cd3a6dbac934f83014b83693b876514
SHA512

dde85ec140bfc87feb01e982f586fa871e66b42336a77811d9e8eafe415849a9bbc8705322917c51dfec45b4f5f1b4e00e22a4cbf879ea84767fec3854c251fd
SSDEEP

3072:KX11K42osHzJLP8aGQPh5mbP8XDePnTZ/E:KX11nzsHzRP8aDZ5mj0DeR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adbd4af1bb52978af6777ffab42d2d23_JaffaCakes118

Files

adbd4af1bb52978af6777ffab42d2d23_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ec20a540b278a5d67d31f5538facebbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMailslotW
GetProcAddress
GetPrivateProfileStructW
LoadLibraryExA
SetComputerNameW
DeleteFiber

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Ekgmhkb
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ