d6cb501790385a163ed2f9b049ce672b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6cb501790385a163ed2f9b049ce672b_JaffaCakes118
Size

94KB
MD5

d6cb501790385a163ed2f9b049ce672b
SHA1

fa6fe8a8f4e8e54cc8e2374ee7862a6449123131
SHA256

12bea2e017b3df25698d12ff9ce9c52a3a8b965906785e9c1bc9269d84eff4d6
SHA512

212d7d1cd44d2b7f278d5fa6a0472da1c0da2c79813ec9ffa6ea718550c4a6a968572612a34804b4475aa6ce956b2f8c10fb8f799abc964c3ae45b49f7456b5b
SSDEEP

1536:rxWgutYZYAPIYFCte87LDyHB9B4GEVMMzXTgP441fd8gzc1SM3EPx0YjBRaFYflE:IDmZ1PI3MKmHrf9P4WfyscN3K3aJxR3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6cb501790385a163ed2f9b049ce672b_JaffaCakes118

Files

d6cb501790385a163ed2f9b049ce672b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0e7aaae5959a2b85311510885eaf14df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

RegDeleteValueA

shell32

SHGetFileInfoA

ole32

CoTaskMemAlloc

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 53KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE