cfb27b634ac9993c398d0c22da38b187_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfb27b634ac9993c398d0c22da38b187_JaffaCakes118
Size

10KB
MD5

cfb27b634ac9993c398d0c22da38b187
SHA1

168644f4a4ef461c0bae2a00f36fc04313fcfa04
SHA256

c6614523aaa4659e4a9c25b5230fd35cf48cda9affb5e1dc554cacad70a437d6
SHA512

73c1d6ddffc51390fcd6e692022983df588ede8478a8a7e9eafe8432d2b7af6f9e79c2b28536b40fbf31ce792fe3ccb4b6d622e96e085a0f1ff7a46e96912a47
SSDEEP

192:LLffRvjc0k8KluB5AWpfrV0EGBwKy+8sHxwgXJIL/R+y9:LbR434BVRKwKyTEwgX8R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfb27b634ac9993c398d0c22da38b187_JaffaCakes118

Files

cfb27b634ac9993c398d0c22da38b187_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7b0a428d9a5994d535f699266529c778

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
CompareStringW
GetFileAttributesW

user32

wsprintfW
CharLowerA
BeginPaint
GetDC

gdi32

RestoreDC

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ