c1bdba8a255aa2cfd6fbbda6334ea50d_JaffaCakes118 | Triage

Sharing

General

Target

c1bdba8a255aa2cfd6fbbda6334ea50d_JaffaCakes118
Size

100KB
MD5

c1bdba8a255aa2cfd6fbbda6334ea50d
SHA1

9dd7cb82cb32bcfc41528757ec0cfb9fc4842883
SHA256

12b81f671e0227ce9a6941a7269d99dd2759f6188ff58b649ca97b686e9bfb2d
SHA512

758953ae256334a6961fb23e042a8a0a5c06a50c14f42bc5a0028bb3725119c034a60eb49d884f5577fc84ed5ebfba1f6cc8df2a796068fcb8f0e5f292a79fae
SSDEEP

1536:lJbiQXTujCGJPD+f+C0duEljYg98RtTQRVKgOkrSXgm8zuksFHuJaCU2h87D:lJbhXaOGJ9VduEJwFQ7qfbOJ62W7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1bdba8a255aa2cfd6fbbda6334ea50d_JaffaCakes118

Files

c1bdba8a255aa2cfd6fbbda6334ea50d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c34ccf81a13d2500cb99fa6e1614f9b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Heap32ListFirst
GetProcAddress
GetConsoleAliasExesLengthW
ReadConsoleOutputA
SetProcessWorkingSetSize
LoadLibraryExA
GetConsoleScreenBufferInfo

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Onmonmo
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ