e22ebb47d5964cc0eb499b2514101146_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e22ebb47d5964cc0eb499b2514101146_JaffaCakes118
Size

100KB
MD5

e22ebb47d5964cc0eb499b2514101146
SHA1

509146bdd4baa5cb3325975f2a843ab39145fb88
SHA256

c111e025f83e4d411bb6003f6646ecc1e0a3403f96dbd1eb360b6d68fb5e30e5
SHA512

41f71c5262378c33d314ec79da9339e66bbf792c3103b3748c0c5e1907b2a9720e1b6aa386109d1c2e0bb824efc9c9c060a99b9c87e94d51557baa5eb384718e
SSDEEP

1536:lIjT53K2GtE+ybDpvzQsUsfif4AwwHZszZsP4ubUd1DYYWKJSoqZi7mlRIKE+I:lG5aybBzKS+FwUZstYNUvYt6jIi6lul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e22ebb47d5964cc0eb499b2514101146_JaffaCakes118

Files

e22ebb47d5964cc0eb499b2514101146_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

caefb411f43230d601fa80911e86f523

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalSize
GetConsoleAliasExesW
LoadLibraryExA
ReadDirectoryChangesW
GetProcAddress
SetStdHandle

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Lonalon
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ