bbd4d82db49b2e54c0abb32d68823084_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bbd4d82db49b2e54c0abb32d68823084_JaffaCakes118
Size

505KB
MD5

bbd4d82db49b2e54c0abb32d68823084
SHA1

7748422360142327a9de5a55973f065540838623
SHA256

402517694386f39cbd3574b2fa639de70a2968fabc115f82cb5fae743cee974e
SHA512

fb9a1d97999f06660dd8e961bde441bfd1c88e72351bb834bf2be861f94700852dab3c3a0405845c8ee3fcd16057e4df3cdb4c604aed80b5b9d97b02c44e0c17
SSDEEP

12288:4QkBuHsZfYLyB9SqoKumDXh1al+hte5+tAL7LwOJ50UWpGtJxKYQ:dHnqoKpXLaUygKPwob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbd4d82db49b2e54c0abb32d68823084_JaffaCakes118

Files

bbd4d82db49b2e54c0abb32d68823084_JaffaCakes118
.exe regsvr32 windows:5 windows x86 arch:x86

0021f47781268b6caaf314d0b686997c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

ExitProcess
FreeLibrary
GetModuleHandleW
GetVersionExW
lstrcmpiA
GetProcAddress
DeleteFileA
VirtualProtect
GetCurrentProcess
GetCurrentThreadId
GetTickCount
lstrcpyW
lstrlenW

user32

wsprintfW

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllGetClassObjectEx
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
DllUnregisterServerEx

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stub
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE