dad16bf347775b257c768999de210dd3_JaffaCakes118 | Triage

Sharing

General

Target

dad16bf347775b257c768999de210dd3_JaffaCakes118
Size

96KB
MD5

dad16bf347775b257c768999de210dd3
SHA1

7fc9c0f7a0a700986fe0e26c61040076818cf6d6
SHA256

490c3d1259ace8edb40f1d2e4a51fdb56e5c681939d003a03982188efa672374
SHA512

372d387911eb716c64aa2644eb2acf37553a62df11375fc155697bd03bafb480584bf79398816eeb14d881c274efb3a21d79970feb04175a05f30e98fdced168
SSDEEP

1536:lOD6jan48vlb+02jDnt/UMfl/6EAwzYOsGO3tFjtQngww93ICMUW6Pv5v95jEHYR:lOeQ489bK5/zwB3tEpw9bDLPIbMeYB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dad16bf347775b257c768999de210dd3_JaffaCakes118

Files

dad16bf347775b257c768999de210dd3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0521691948f3231fec24490c8f46df65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSizeEx
FindNextVolumeMountPointW
LoadLibraryExA
BackupWrite
GetProcAddress
BackupSeek
MapViewOfFileEx
InitAtomTable

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Klcgill
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 94KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE