d706777d22dc493f03b5c069f561f79a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d706777d22dc493f03b5c069f561f79a_JaffaCakes118
Size

66KB
MD5

d706777d22dc493f03b5c069f561f79a
SHA1

90cc2148bc8344e8bc3342f3796d47f8f87b8b15
SHA256

4cdbb364dd51162f005db4a1cb9c72c652f86dc6a77c9728826b2cfe9f3202e3
SHA512

851a7ff18064b80971856a7250031393a52ab5027e66831b41ddb17f65a622693be301aee5ce47afef059019b42d6832b52990cde4712c1827a418bdcd3e8376
SSDEEP

1536:XBjV+Pr0dekraSQlEytaFPrmn1xyJD21E/zKBu7h8Z6I6:a0dzrP6QFPs1pELKBim96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d706777d22dc493f03b5c069f561f79a_JaffaCakes118

Files

d706777d22dc493f03b5c069f561f79a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

26d1f9f75adfc99ee67bac0d640ad3fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHDeleteValueA

ws2_32

gethostname

wininet

InternetOpenUrlA

user32

DialogBoxParamA

gdi32

CreateCompatibleDC

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

SafeArrayCreate

gdiplus

GdipGetImageEncodersSize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 59KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE