d0a06ad52c858d0019fd12f0ac552833_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0a06ad52c858d0019fd12f0ac552833_JaffaCakes118
Size

10KB
MD5

d0a06ad52c858d0019fd12f0ac552833
SHA1

1bb23fe1331e4e5e9a32c73994c7b2ba5214a7aa
SHA256

de245e29915eb7d31dc7b7c19e266a6dbc67d6455194f8816864051ee48d28fb
SHA512

b5ac2574422a5c04c1a670fd934049558cc46c6a9af8a371b8ecd71a5f0178e83d54e06718e5bb22fca509f41a9c02a09f6e8e121691cd4e90f2fcc80fb6719a
SSDEEP

192:p4OffqgoW/2txSzr85uGp0wrV0EGBwKFwLA1CQ3B2jwLhi/Rgh9IB:p4yocXCmmVRKwK753ksL4R/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0a06ad52c858d0019fd12f0ac552833_JaffaCakes118

Files

d0a06ad52c858d0019fd12f0ac552833_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5b5d0b705a2961da46eb24fb57755a56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetSystemDirectoryW
lstrcpyW
lstrlenA
MultiByteToWideChar
lstrlenW
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
GetModuleFileNameA

user32

MessageBoxA
MessageBoxW
wsprintfW
CharLowerA
DestroyWindow
ReleaseDC
IsWindow

gdi32

RestoreDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ