d6b2d586cb594bd6a96f6a109a466b40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6b2d586cb594bd6a96f6a109a466b40_JaffaCakes118
Size

54KB
MD5

d6b2d586cb594bd6a96f6a109a466b40
SHA1

4f498927889e5dfbbac42039061c324f7c4bbccb
SHA256

b6b4b242709a1977303cb640615d32d713afe9746af42361efd5421f01969ff4
SHA512

d0d9e961fde9ec91bcd4bc34d3d160aabd650b4381acbb12aaa47a54cc06296c55db54ef81c6194554592a0a4ae04e68e2803de7d81996ec81c28708cd7de84a
SSDEEP

1536:ZIR2Unnnns/jiRwjoubov74yB9zBbKoX+3bfuRNUPnny7rHBU1nnn3:akUnnnnEjiCXI7X1bHX+3DSCPnny7rHQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6b2d586cb594bd6a96f6a109a466b40_JaffaCakes118

Files

d6b2d586cb594bd6a96f6a109a466b40_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a543e780db983cc13b534cadac598376

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA

msvcrt

realloc
free
malloc
_initterm
_adjust_fdiv
_stricmp

Exports

Exports

DllGetClassObject
DllRegisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ