e1b4344de2fc20e3ecd73efc08a3428e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1b4344de2fc20e3ecd73efc08a3428e_JaffaCakes118
Size

92KB
MD5

e1b4344de2fc20e3ecd73efc08a3428e
SHA1

cd7e40fc34a241ffee3f57b58c1605d250f789d2
SHA256

73da659d3517012fc85751c74aa9793e687684b09cb5330b8eac64e334844dbb
SHA512

62eeb9fadb87a51a70715023f0ae910dd578624d098c68f28058bac5db1a65b32b8c111b0696b2d4f39db7046a96934f7de0ee8c1372811b153443605324f118
SSDEEP

1536:cd5GXX42AQw0GKteZHl3FdtJwpXNn1rOFUmeWEYu:coXX41QwGwlVxUXN1rOpeWHu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1b4344de2fc20e3ecd73efc08a3428e_JaffaCakes118

Files

e1b4344de2fc20e3ecd73efc08a3428e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f9c6abd5a3585e266126265438ee20cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
Sleep
ReadProcessMemory
FreeResource
FindResourceW
GetTickCount
FreeLibrary
CancelWaitableTimer
VirtualFree
LoadLibraryA
TerminateThread
FindNextChangeNotification
LockResource
GlobalAlloc
GetProcAddress
GetSystemTime
FileTimeToSystemTime
CreateProcessW
MoveFileW
WideCharToMultiByte
SizeofResource
GetLogicalDrives
GetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.qngshlf
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gmyrf
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pkmtgtv
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ