d3d1b0f0876719778ae34519f98802d3_JaffaCakes118 | Triage

Sharing

General

Target

d3d1b0f0876719778ae34519f98802d3_JaffaCakes118
Size

9KB
MD5

d3d1b0f0876719778ae34519f98802d3
SHA1

dfe67f335b3e3fb625af9a492573399e63a9b146
SHA256

8ff2b327e728c3db097d62c54f033ac7c7d8a8d25fca7d0d8c1ae44cb208e02e
SHA512

9ba11712e0a6cfa7444717d338dcea8fd1f1abd7f274c349c468cf6ab66344173f9fd3c7c764fc0dead87f2787118a849678da6736bbfab8911975cc60766553
SSDEEP

96:/RQh8/csunrQiBcteHolllQ6vYU9snt+rhqZRpGM/j/jaQK1Avk/Q6KYWo9e8lv1:OO/yrQR0GVsn8FIfrGA8/QKWfE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3d1b0f0876719778ae34519f98802d3_JaffaCakes118

Files

d3d1b0f0876719778ae34519f98802d3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

463ffbcf58961ff7e9847dd84026aa0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetFileSize
CloseHandle
WriteFile
CreateProcessA
LoadLibraryA
GetTickCount
GetCurrentProcessId
CreateThread
GetProcAddress
FreeLibrary
CreateFileA
ExitThread

user32

SetTimer
KillTimer

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ