db6749ad9cdf0d7cf594027a58983aa2_JaffaCakes118 | Triage

Sharing

General

Target

db6749ad9cdf0d7cf594027a58983aa2_JaffaCakes118
Size

388KB
MD5

db6749ad9cdf0d7cf594027a58983aa2
SHA1

1351cbab2c3c1192240a05d4673f02bdc3c1bff5
SHA256

ce8066f1b34af3108731220d87bcbb5a97754e0b842849a49582da92ea636f48
SHA512

d2942adf022d5c65b57b80e895f8a810fd54f3d250d1b31c4817df247b9b27808bd0abd82ff891f5c8660659338b27425f7f23ae1486acbb13973364ee3403b5
SSDEEP

12288:X4cBHN4uqvIKUdvsaCigSH/BUURRoPd52vo:X4clN4u0oB/aURePdL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db6749ad9cdf0d7cf594027a58983aa2_JaffaCakes118

Files

db6749ad9cdf0d7cf594027a58983aa2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a01aada07e1345c57ca946351da9b9d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

IsEqualGUID

comctl32

_TrackMouseEvent

urlmon

URLDownloadToFileA

wininet

InternetSetOptionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 368KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE