d5e5875f93eeda4a3c522d442fff148d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5e5875f93eeda4a3c522d442fff148d_JaffaCakes118
Size

1.9MB
MD5

d5e5875f93eeda4a3c522d442fff148d
SHA1

f33a1f1066c455f1655402a6b16ce67d4babc28f
SHA256

b3cbe503d318864f56d2af78e2220b9d40bcdd962f1c1f1b79282e47753ec57b
SHA512

8a2215b30e4c03bb09da25a9eb656e0922cd7f4cf8b7c12aab339952c7fa044c32a4be9254097b9685f17a295750937f37dd8506a59b421ff0c9ce7931a8d1a4
SSDEEP

49152:xRQOQR1j3vbwgXmDbsL4pu2hAm9BoJaX0N6xT+aL:xRQOu1rzfaFJOxsEN6N7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5e5875f93eeda4a3c522d442fff148d_JaffaCakes118

Files

d5e5875f93eeda4a3c522d442fff148d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

58e683abec29a387daf56221678b4318

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllIsQTInstalled
DllQTClose
DllQTInit
DllRegisterServer
DllUnregisterServer
QTRegisterExtensions
QTShowProps
QTUnregisterExtensions
RunDLL_QTRegisterExtensions
RunDLL_QTUnregisterExtensions

Sections

Size: 631KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

memuzsxf
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aodljdte
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE