df615a7bb7126515feaa5c16c4611bfd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df615a7bb7126515feaa5c16c4611bfd_JaffaCakes118
Size

97KB
MD5

df615a7bb7126515feaa5c16c4611bfd
SHA1

2727725fb323ffabfe9e77ea4880c4ef5970ecd8
SHA256

3755833047f3acbc85f8af91e55b3ec31eacc0c46b6f9903b63793ea5ccf973f
SHA512

fece466f62ed1a7332eb33b97c79ed84e48aa0bf6d6cb9f747676eb0307fb7377efcf8c4088b4dbc8c50c9d53a3cd512aa1a0155ba312dd018ddb87e8265ea09
SSDEEP

3072:ettqkBXjZgSGjIB+S4iNJwNYcMqgHKPzc:ehBTLC2B4i/os8Lc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df615a7bb7126515feaa5c16c4611bfd_JaffaCakes118

Files

df615a7bb7126515feaa5c16c4611bfd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b49d973cdd5c44cbac38d3d008ffb6df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

PrivCopyFileExW
LoadLibraryExA
Process32FirstW
UnregisterWait
DeleteTimerQueueEx
GetCPInfo
GetProcAddress
GetPrivateProfileSectionNamesW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Mknjgla
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 95KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE