bc6f8db8091e0bdb95cc30a6d4d3a911_JaffaCakes118 | Triage

Sharing

General

Target

bc6f8db8091e0bdb95cc30a6d4d3a911_JaffaCakes118
Size

205KB
MD5

bc6f8db8091e0bdb95cc30a6d4d3a911
SHA1

8f0817318195ed7cf91f34f4382d89ae811517d9
SHA256

5e513c78b9a46280de788b7d18eae8b35e67cad9249ab523a54726658a5cd2fa
SHA512

2e9d5bbb12bff056b10334d86ffe6715de33213410174444b5b49ca9d8beb18f1cc955bf2b5ce6cc29235a2eab6afd9d123ba5a6c992ba5d6e68c99ac30fab12
SSDEEP

3072:TMg1/mVuoeYonh94ebQu1q8OMbHPtMXV1HwH6POdqXSy4QXvJ:wglSuYoj4uTeXq6HSyb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc6f8db8091e0bdb95cc30a6d4d3a911_JaffaCakes118

Files

bc6f8db8091e0bdb95cc30a6d4d3a911_JaffaCakes118
.exe regsvr32 windows:4 windows x86 arch:x86

cad309b4a9c3b11f7e7bf7a94e5d438f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RtlZeroMemory
ScrollConsoleScreenBufferA
RtlMoveMemory
VerSetConditionMask
lstrcpyA
RtlFillMemory
RtlCaptureStackBackTrace
RtlCaptureContext
RegisterWaitForSingleObjectEx
ReadFileScatter
CompareStringA
SetupComm
CloseHandle

ntdll

RtlIpv6StringToAddressExA
RtlSubtreePredecessor

user32

ClientToScreen
WindowFromDC

gdi32

GetFontLanguageInfo
PaintRgn
SetMetaRgn
DeleteObject
GdiFlush
GetBkColor
Chord

shlwapi

PathRemoveBackslashA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 847B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ