b3b277346ad2f4bb57d2507da5185a6c_JaffaCakes118 | Triage

Sharing

General

Target

b3b277346ad2f4bb57d2507da5185a6c_JaffaCakes118
Size

199KB
MD5

b3b277346ad2f4bb57d2507da5185a6c
SHA1

304d3db5f5f43f265c393fb645b337ee91fecfdb
SHA256

c95420abad9909e5d8f76324673129183c0a10bb9b4ad48bb812c4a3e0baa84a
SHA512

ed81065c46e0caa16182ae3f3f3f7f9216de79327ea9e6d14fab11f65025e5a96361c432f6f79b8352745955a479be8f54cee90be33d7392435836d3def1e46d
SSDEEP

3072:j+pn0RwIpgowEqVJkDg69PeMCO7kZtPi5JLa6ISC1K7fLQTRa5Kf1QEbX8:il0Rw4gLFHiXCVZel4R1EDQTRa5K9xb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3b277346ad2f4bb57d2507da5185a6c_JaffaCakes118

Files

b3b277346ad2f4bb57d2507da5185a6c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5a99e2098d72afbe19dbe9a68f2232d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 190KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE