adae102f541cf3d9c8e3f358b70396fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adae102f541cf3d9c8e3f358b70396fe_JaffaCakes118
Size

100KB
MD5

adae102f541cf3d9c8e3f358b70396fe
SHA1

f4dffbd1dad3a13384f60da68d3df326033b6f05
SHA256

7eacf56aec9f4db6eeef8658f05c916093bb45dff6d836369ef59bf89e26e960
SHA512

3edf318894a76b1dd1bed3a32dc48bfe6941f5b5db09a2c4e4ec8b05e1dc7c7e7f6e98d3de6be7b5aa37eecde003150828cdff646fb6f4f97bd373a2ec26cbc2
SSDEEP

3072:3TVLqeAqmExKAlLw9TnhUnf6mwWqM32Gm:3TVLqDqmpAZYsMo32

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adae102f541cf3d9c8e3f358b70396fe_JaffaCakes118

Files

adae102f541cf3d9c8e3f358b70396fe_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7d81aca137f736ab9e869e849aaee1be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GlobalAddAtomW
GetProcAddress
GetSystemDefaultLangID
LoadLibraryExA
GetProcessPriorityBoost
SetTapeParameters

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Gakncil
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ