d753c26be30cf4cbff5252a7559ca57f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d753c26be30cf4cbff5252a7559ca57f_JaffaCakes118
Size

10KB
MD5

d753c26be30cf4cbff5252a7559ca57f
SHA1

2a6d3c7479987217fcebd839af4613763f68d1cf
SHA256

d60230e32cb4633fb95ef0b9255af4323b8ee9a9a858c199267a8cbd62a64dae
SHA512

60dfa555496b986a722f1ca311d5c23d4aa96da9d9f20ce3b450f9bdb858e709916f6e8b2262d1d34994b5c859aa39a01f9d83ae3e382665629095a18208a5a3
SSDEEP

192:3FjQ4Ehigo49IDsMgFeM6eU+z1n9nqQAic:3iip49VMgFeM6evzd9B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d753c26be30cf4cbff5252a7559ca57f_JaffaCakes118

Files

d753c26be30cf4cbff5252a7559ca57f_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cb9fc98a5d2b1a840fee1a63188f5164

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueW
SHDeleteKeyW
SHGetValueW

msvcrt

??3@YAXPAX@Z
wcscpy
??2@YAPAXI@Z
srand
free
_initterm
malloc
_adjust_fdiv
rand
wcsstr
wcslen
memcmp
wcscat
??1type_info@@UAE@XZ

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ