ea7be995ebea8360c175c95be7e94859_JaffaCakes118 | Triage

Sharing

General

Target

ea7be995ebea8360c175c95be7e94859_JaffaCakes118
Size

100KB
MD5

ea7be995ebea8360c175c95be7e94859
SHA1

2f43d54e6302f94fb2de9bd7eb8463f080b4969b
SHA256

e1e699380bafa105b7888a179bbcf927db9bb1b9f628ee00b20141cd8f1395ca
SHA512

ad045dbacf9a52d1106b13ce510f042310675ca640792e8aa331ec58cb649dee1886bbcc1babc2645fa89d056f9f57415cdd44d7ccea11b08f3dd068bd575b2c
SSDEEP

3072:GT+1iibtEGNYpt3AcWwJNdxRIAJm4qD3n:N8ipEGUt380RIKO3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea7be995ebea8360c175c95be7e94859_JaffaCakes118

Files

ea7be995ebea8360c175c95be7e94859_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0ace9823e60d881ed03d0196bdaa0243

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCPInfoExA
GetProcAddress
EndUpdateResourceW
LoadResource
RtlUnwind
LoadLibraryExA
GetEnvironmentStrings
GetCurrentProcessId

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Hackcco
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 462B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ