d5aeb3aaec4d64b494e8757b273335e1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5aeb3aaec4d64b494e8757b273335e1_JaffaCakes118
Size

36KB
MD5

d5aeb3aaec4d64b494e8757b273335e1
SHA1

5a03e4050795b61c35d574dc5eaacd051c70d312
SHA256

e73639da69832c97e31670c823e603142e224391868f2a123a66086077fbcd9e
SHA512

c0506088fb48a9a1db82fea30b03b411f0db6e5b43f725f415c2cbdcd202611473d950fb8197a13a89c59a8e520c3a400ac51d226d3779b117d1d5d2d884eaa4
SSDEEP

768:4eMhn8TC2j3wucDHhnI40oVM25F3T1Z5rnkoJNlbZK:4hn8TC/ukhnI40oaaF3RrnkKbZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5aeb3aaec4d64b494e8757b273335e1_JaffaCakes118

Files

d5aeb3aaec4d64b494e8757b273335e1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b13b82793d06b5bc2754c62fe45fdc48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
InterlockedIncrement
GetSystemDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetModuleFileNameA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
GetLocalTime

user32

DefWindowProcA
PostMessageA
SetTimer
KillTimer
FindWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
CallNextHookEx
CreateWindowExA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

msvcrt

__CxxFrameHandler
_stricmp
_adjust_fdiv
malloc
_initterm
free
strstr
strchr
fopen
fwrite
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
sprintf
_strlwr
_access
strrchr
fclose

Exports

Exports

DllRegisterServer
DllUnregisterServer
Mvu
OcfUBRqs
gKOqlLfXZPxwCK

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ