d26eb41a4c2736b0d3dbbac6bc4bbf97_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d26eb41a4c2736b0d3dbbac6bc4bbf97_JaffaCakes118
Size

102KB
MD5

d26eb41a4c2736b0d3dbbac6bc4bbf97
SHA1

504ae0512b91fd8ccf78b3eab6e4b4c5fea1af16
SHA256

b89d29b87498fc0cdf71de7bb5c2d162c6ef5850adb49877d097c5bd56cf2951
SHA512

e66dbf5492e533718ae68387f55eaced8204dd0ca62419fc4c82cf2fc92c6d86b4234b79b02dec25cbbb177066aa7dab655df573544200a4a1c9998fa62f16ef
SSDEEP

3072:hUbL5YYhAuOs9qftOjMm6iHP0+LNkI0uK0MDW:+L5YEABsoftSbHP0+LNk6Kh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d26eb41a4c2736b0d3dbbac6bc4bbf97_JaffaCakes118

Files

d26eb41a4c2736b0d3dbbac6bc4bbf97_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1dadb01a85d5c5f995e97df02edb9e66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetComputerNameA
GetProcAddress
SetCommMask
LoadLibraryExA
GetEnvironmentStringsW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Hpclkme
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ