c0513b5e7a560cb1664473b513e14e14_JaffaCakes118 | Triage

Sharing

General

Target

c0513b5e7a560cb1664473b513e14e14_JaffaCakes118
Size

137KB
MD5

c0513b5e7a560cb1664473b513e14e14
SHA1

d936710e836265c916ecf263449bf698d7e5f13b
SHA256

6deb09d896e09048b398ab17aeedebd5e3e8639f277075f209992daf7d9b8ca7
SHA512

1dd89d3a69bcf862fb3a088b887185a1f0f745f7a3a238fe44514b084908882b447fdf2ecc7835f405bf9ac392f57d4dc5a3cb8c1f79d2c0a7ffe03d45c185e7
SSDEEP

3072:T10MmIzxiwpIrmYBTJGTpZZGu3uihf4S0o0VVTRh1kz5unmMd:RhliwpIrF1MWiIoY9kty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0513b5e7a560cb1664473b513e14e14_JaffaCakes118

Files

c0513b5e7a560cb1664473b513e14e14_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

59bb63af24beb01b5b294c1c6253fcd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mfc42

ord6467

msvcrt

_except_handler3

user32

IsCharAlphaNumericA

advapi32

RegDeleteKeyA

ole32

CoTaskMemFree

oleaut32

VariantClear

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 14KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE