b5bc7ad15f39d96df6030104b7f32234_JaffaCakes118 | Triage

Sharing

General

Target

b5bc7ad15f39d96df6030104b7f32234_JaffaCakes118
Size

17KB
MD5

b5bc7ad15f39d96df6030104b7f32234
SHA1

65b4a8b0488cf0f369d25431530a056c8d366bbf
SHA256

87cf6fa30e142b6563c7a2330ddce1d29aff51ef22591e5ddf3efe7e4856a931
SHA512

bb1252059d9983b9d80129849d325097170dbea9fec521263d3ade637940bb8a6f5b8b8c9476093a20544bcaa09a85c9866a24fa27f368ad0c7cedba2261d4c4
SSDEEP

384:FMw9BSgb79xitG3HZnF0Ylq+hUqV1EjWKo7TxtCb:FMOBH7neG35Frsiwq7fxQb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5bc7ad15f39d96df6030104b7f32234_JaffaCakes118

Files

b5bc7ad15f39d96df6030104b7f32234_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

61e5c92ad2d0118f34509148e7b07907

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetCrackUrlA

ws2_32

recv

msvcrt

wcscmp

atl

ord30

user32

IsWindow

oleaut32

SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE