db2a26f6b9be264be5834764341660d0_JaffaCakes118 | Triage

Sharing

General

Target

db2a26f6b9be264be5834764341660d0_JaffaCakes118
Size

56KB
MD5

db2a26f6b9be264be5834764341660d0
SHA1

66f79380d89b142c6140c17e03d4e318da5c6588
SHA256

c56e554b18a841cafbb8bbdf441080052dd7f125350a7e45678dabb0ee9447f5
SHA512

c06bc76a964a2ba87f0b9ec8f1c58c61bf3d5bd35e7ef3c108b76a79f622744af65a67d4e55a2d70e8f18838b18da2ed1f5946cc6b217da4fcf0536ccb18049e
SSDEEP

1536:uurO+t7zUXu6f99QPeeu4TGa2e0DAwI5p8Eui:uMFzmNVi2sTGKui

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db2a26f6b9be264be5834764341660d0_JaffaCakes118

Files

db2a26f6b9be264be5834764341660d0_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

ccaf25b739a0aadbcc443d5d45f09d02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

RtlUnwind

advapi32

RegCloseKey

user32

CharNextA

ole32

CoTaskMemFree

oleaut32

SysAllocString

shlwapi

SHDeleteKeyW

shell32

SHGetFileInfoA

ws2_32

WSAGetLastError

iphlpapi

GetIpAddrTable

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 50KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE