d1968d024e436dbba4d9f96eb391b59b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1968d024e436dbba4d9f96eb391b59b_JaffaCakes118
Size

143KB
MD5

d1968d024e436dbba4d9f96eb391b59b
SHA1

88b377c80ff4ecf704d0fb4c26e010b9216eaee7
SHA256

28c600665140449473a97e8a981a22a8838fd14374660eecfdc29cad1bed9e13
SHA512

278bf4f15d20f626cc1590fbe52b23b7b20ff99a0baad303d5a830a2109f5cfaa5e678415277da34e4d2bfb95e65b62b7e010c59e31b4c9a8953f3b8150baa5a
SSDEEP

3072:mje8/4gOE4sBf0fDEE2FOganCUqAd5pEFKdBGWwer1EHh6:WeSOE4YChSOgaCUqIeFDh61Gh6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1968d024e436dbba4d9f96eb391b59b_JaffaCakes118

Files

d1968d024e436dbba4d9f96eb391b59b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7553eacac4bd3969b546e50e76393a8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

gdi32

GetTextCharsetInfo

advapi32

CloseServiceHandle

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE