d0398153c74633b1392894a4bdd7e7ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0398153c74633b1392894a4bdd7e7ad_JaffaCakes118
Size

102KB
MD5

d0398153c74633b1392894a4bdd7e7ad
SHA1

6196971d570fb5fe14dc4d6a67c22629a6ed7eae
SHA256

7d5e6a7093bc1fb99f3026ee5172d3e5ec560978c42cf08f7fc87f9b2b6e3df9
SHA512

1311006cade6c53343d99b3aa531b1fc205a879eadf14d09152ac0c99f6781eb0e30db4f7afa7576b0788c6daee1418e3f081d4c10a75da03c20bc53c1dadd3f
SSDEEP

3072:UMzf7/KX9DsX4tb4o+/hQ1TNjz3kQ12s8HUJh:HzDS9oItb4/hQjz3k20UJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0398153c74633b1392894a4bdd7e7ad_JaffaCakes118

Files

d0398153c74633b1392894a4bdd7e7ad_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

560bfd04a72864548e3229d232b92c2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
PurgeComm
FindVolumeMountPointClose
GetProcAddress
FindFirstFileA
GetPrivateProfileSectionW
CopyFileExW
FindFirstVolumeMountPointW

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Gnccobl
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ