d2fd673b1d437369450464d885362822_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2fd673b1d437369450464d885362822_JaffaCakes118
Size

16KB
MD5

d2fd673b1d437369450464d885362822
SHA1

a8914b301ba940f58cb7b8f0e7aded3a2a8c46e1
SHA256

c108e562c634bed06d7d0fc6e8dee7293e43a4f5e52a3947d1aaae3df2d129d7
SHA512

7cf254dc18a8bcc98deebc430308bcc86501bdc09e10866d4a2060cb4687565abf19b754eee5746fa4ca9b30d7e67a063311db85b1e15be71f4ece7359020ac8
SSDEEP

192:0MlwQ6twAOTZbAXvEd6aUM8p/lnYvTWC4Erv67rrBifvwf6lDkS9jwAEN9uPNmJD:lec6qgJ8ALVW9jxKypSIDOvNTp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2fd673b1d437369450464d885362822_JaffaCakes118

Files

d2fd673b1d437369450464d885362822_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

13329b053b993faba5a3aee24fcc631e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
GetFileAttributesA
HeapAlloc
GetProcessHeap
HeapFree
SetFileAttributesW
Sleep
RtlUnwind
lstrcmpA
CompareStringW
WinExec
SetFileAttributesA

user32

wsprintfW
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ