b4d18533f70215942024a5d4b826cde2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4d18533f70215942024a5d4b826cde2_JaffaCakes118
Size

101KB
MD5

b4d18533f70215942024a5d4b826cde2
SHA1

80c41e8ee0f4ec55e69a27fc6adcaaad2fc6596d
SHA256

9665891025598b42e9e353293ba102f028cc232f11d2b38ea1e6adc72d509dd6
SHA512

ecc8ba674935bc97917b65db7978f6d4fb1b2edd62b043c0968b675cfb21d676390913d8f243ccd745075023b3c201b0aacd03443c581c694fe0ccdde05a2b0d
SSDEEP

3072:3xiTGzGZs10RWk6w5oqSenfWdeN6OiZN3icjt:3YTG0wh2F3Od8hiv3rj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4d18533f70215942024a5d4b826cde2_JaffaCakes118

Files

b4d18533f70215942024a5d4b826cde2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1a4bd7fb9b5a2b4802c8e244acd2885e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetConsoleAliasExesLengthW
LoadLibraryExA
ResumeThread
GetThreadContext
AddConsoleAliasA
WriteConsoleOutputAttribute
GlobalAddAtomW
GetProcAddress
GetVolumeInformationW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Mgccimo
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ