b6c69187e49513d7cbdd3fdd7c87b3bb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6c69187e49513d7cbdd3fdd7c87b3bb_JaffaCakes118
Size

100KB
MD5

b6c69187e49513d7cbdd3fdd7c87b3bb
SHA1

642496b7927e268afd3e29caaad4eca9a2b53755
SHA256

bce72b54146ed9beb9c94d6f24d35d07e8d2c67632904d6080bde78b1603446e
SHA512

b0dfee4ce2adfd8ca897302bf13550c3b7d0497e5c4aea781826e3a9580716fba81ae09c327641e36870e22b33b03ebddf1caddb18bc64b41be047d2b4f1e05b
SSDEEP

3072:1rY+wymciMvmyAvQ2RaULYXxumn1/hAzhXyp/+hit:rOHrQ2Ra11BSz5jh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6c69187e49513d7cbdd3fdd7c87b3bb_JaffaCakes118

Files

b6c69187e49513d7cbdd3fdd7c87b3bb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c2ffe82db6824745a7300ec7aa945228

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetDiskFreeSpaceExA
GetProcAddress
RegisterConsoleVDM
EnumResourceTypesA
LoadLibraryExA
GetDriveTypeW
CreateMutexW
QueryPerformanceFrequency

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Macpklo
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ