b1f9122d658556f36ed7995ce3f28b8f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1f9122d658556f36ed7995ce3f28b8f_JaffaCakes118
Size

101KB
MD5

b1f9122d658556f36ed7995ce3f28b8f
SHA1

63bbc968274ff6a7293770bd0c2bbcf4c528f8c4
SHA256

846ae200f699a10f71d23b314816c4483d3d281c63146e2c9c150a8764bc101d
SHA512

18b10600c674f113bd5d2db00e5133a145ad05d52bb0af4cf11a82a9f0661bfea16b0e4f9ca34671fe7782d91f396dd72d05514c880f41d291b834849bfd7c3e
SSDEEP

1536:KC+41XFv7jX/YxQ6VJjdcUogLV7T+ESHrl23qN3IIRzTQiMosvpMu2YplBb4vqU:Kr4vvPvYbHDZHqCe3IAz5u2elBUSU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1f9122d658556f36ed7995ce3f28b8f_JaffaCakes118

Files

b1f9122d658556f36ed7995ce3f28b8f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

35a449ff7247d7c67e8dbeb18eab2d34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetShortPathNameW
VirtualAlloc
PeekConsoleInputA
GetProcAddress
WritePrivateProfileSectionA
Sleep
LoadLibraryExA
LoadResource
FreeEnvironmentStringsW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Lobgocg
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 98KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ