dc739b70a5fa90a2405ef6efe362eaf1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc739b70a5fa90a2405ef6efe362eaf1_JaffaCakes118
Size

585KB
MD5

dc739b70a5fa90a2405ef6efe362eaf1
SHA1

1dd5a5b50a155f80299356e9c244e6a060040ca6
SHA256

286431b776baf942427e5ef3ea81564bfb10e4d92ab8a1c56f53fb9e7f158028
SHA512

a0acc7a58f46dc90a8396fd5ffefab248c5cdcd037b1773267f2bf8ac2fd427472fe1d37036d54cb750a28ffc9aa151999a02346a6d9805f8ba63db53f26820a
SSDEEP

12288:7r46eb7GB/rBfVV/TJKwQl6t6/ZTimaIWCcNkg9+TyTkhnAC:peG9Bfb/gct6NcCcH4TqkZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc739b70a5fa90a2405ef6efe362eaf1_JaffaCakes118

Files

dc739b70a5fa90a2405ef6efe362eaf1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e558d9247760a85d82ee4d8a493a3129

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

IsEqualGUID

urlmon

URLDownloadToFileA

wininet

InternetSetOptionA

comctl32

_TrackMouseEvent

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 570KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE