c18fb93d58dbc16d752e7481efdcf3c4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c18fb93d58dbc16d752e7481efdcf3c4_JaffaCakes118
Size

2.3MB
MD5

c18fb93d58dbc16d752e7481efdcf3c4
SHA1

e8ee6f6719ea2a1f68067f8fb9c0a2fefdc64459
SHA256

64621fa68687530304bb8f034bfe96c22382d7a6583ff693e4535639af400474
SHA512

4d17f1c19180775e78d1556718fe41ebc81ebf07ce6e5aa6378a6e575377d8289a02ca58d413cc83da27f746bf796fd231edf5b2f30566e5d4bda6899e25f1dc
SSDEEP

49152:MHp2KHupEfwAP5zes2ocMmTFSk728zg2vpB0+mo8k:6p2S3bhl2Lx79zg2Y2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c18fb93d58dbc16d752e7481efdcf3c4_JaffaCakes118

Files

c18fb93d58dbc16d752e7481efdcf3c4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ac4cb6183f51432417215062c6b3e14e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FatalAppExitA
QueryPerformanceFrequency
GetUserDefaultUILanguage
IsValidLanguageGroup
lstrcmpiW
ConvertDefaultLocale
GetProcAddress
ClearCommError
WinExec
LoadLibraryA
SetEndOfFile

user32

GetScrollInfo
MoveWindow
ModifyMenuA
GetSystemMetrics
GetClassInfoExW

shlwapi

PathIsDirectoryA
StrTrimW

advapi32

OpenServiceA
OpenEventLogA

shell32

SHBrowseForFolderA

gdi32

CreateFontW
SetColorAdjustment
SetViewportExtEx
SetMapMode

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ