bd49369ee6ea4c99b05e6bbae9496e4a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd49369ee6ea4c99b05e6bbae9496e4a_JaffaCakes118
Size

83KB
MD5

bd49369ee6ea4c99b05e6bbae9496e4a
SHA1

bfeb21d5e45b158c846417bd0324ee0fa7a471c0
SHA256

ce7b6a53c412cd1e61b9a434c6ed76242b6a77e0a20a0b45110b8c87943ebd7f
SHA512

9145afeb7b6a58be33239852143edd4249c1ede409718af38e1eb04a4eaaa729f78cfd6ba945dedc4f3301798e91265b66bac200cc7e230434a31720dc27339c
SSDEEP

1536:e0+8meaPalNzD3m+SHV3uhsSdXiX2lht2de0FINS6TQiOqHQ9iCLlpG:e0+8meayS1e+8iX8t2dtcjIi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd49369ee6ea4c99b05e6bbae9496e4a_JaffaCakes118

Files

bd49369ee6ea4c99b05e6bbae9496e4a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3ba4399ee4bb8d2228dd70ffe7475381

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

gdi32

GetTextCharsetInfo

advapi32

OpenServiceW

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE