da6d9c603e0ab81f9319825069701482_JaffaCakes118 | Triage

Sharing

General

Target

da6d9c603e0ab81f9319825069701482_JaffaCakes118
Size

752KB
MD5

da6d9c603e0ab81f9319825069701482
SHA1

666a0ccd56dd86c71d1f6c5ec8aa2a59871362e8
SHA256

62f046f66243dfc04a85b59e9e78ea55bb2583d0a71b97a40d2dd5eaf7292a77
SHA512

a16d4a761230cbf6d67a5c7e3bfeab9bcb0255044f0ca19fa7498b4dbe11de1feacf974e763885c008bc82df762dc34de471cabfa4013764415a7bb5fdebfb9b
SSDEEP

12288:Ak+LJduF6sv5l6X/en2g+0t1VyZ6YNE3QvM2YGP4WpuIVaBj9a1UPENkkUAlZiV4:AHJduFt5lq2n2g+80MYNE3QvM2jpjVaS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da6d9c603e0ab81f9319825069701482_JaffaCakes118

Files

da6d9c603e0ab81f9319825069701482_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9532e77b31ea9b7a0c71ca8f823cbab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
GetTempPathA
HeapAlloc
CloseHandle
DisableThreadLibraryCalls
WriteFile
DeleteFileA
CreateFileA
HeapCreate

shell32

ShellExecuteA

atl

ord21
ord18
ord15
ord16
ord57

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 615B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 732KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ