d3f17fef03a632195295adf972107263_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3f17fef03a632195295adf972107263_JaffaCakes118
Size

45KB
MD5

d3f17fef03a632195295adf972107263
SHA1

0a86e1221deab44a102222495e7e81bd27c03ba9
SHA256

eb7184ab4186aa9bc56751409d607d6bf946150cc98551118a78fdc1552cf470
SHA512

395cf897e1c7abe20f12a4be5f7928f3d89159c5c414860c07a26163e932fac2b4dc6b09e171a9e70823c9fe173d4a0b8be65a48d3b4453b1360546445c1fc40
SSDEEP

768:ApYN/wCBQjNiNTWERGQQS5zLhfZAdkPDL9OBxOGogGVLghsrBWM7DtQ:AmpwC+jNgCERGQjtLhfZok9RMGtq+BWX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3f17fef03a632195295adf972107263_JaffaCakes118

Files

d3f17fef03a632195295adf972107263_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

3363ebacc6981641249b61168f3ae274

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

advapi32

RegCloseKey

ole32

CoTaskMemFree

oleaut32

SysAllocString

user32

CharPrevW

drmclien

ord4

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 38KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE