ea90de62e7b12cc6ce532cad1e200922_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea90de62e7b12cc6ce532cad1e200922_JaffaCakes118
Size

124KB
MD5

ea90de62e7b12cc6ce532cad1e200922
SHA1

b11a3585a16e5b27092f6c4a27e2265f371ec793
SHA256

41f78086c9788ce6fcd26ee2b9a64db18e638c3b4cc5b3d26d7feef736267be9
SHA512

5f3a9212957d560c8f9e8f9d79525e847173cb594f4f5f52f3a190a3c7cd7ebe47a5d5d8e6300186de70a45bb9289c2bc9a111fcb8911159d5372ceb40c69177
SSDEEP

1536:SpA9RRxFA8bFhBEI3iw5HpSUqo2nBhJpPbDsyZERjn281Mc4pTHV8m/2kQbgMjxa:zRNn3O8k/0Y8CcwT18m/CbBjxSblzu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea90de62e7b12cc6ce532cad1e200922_JaffaCakes118

Files

ea90de62e7b12cc6ce532cad1e200922_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1c2d42a4e533f3c86f1f4597355c880c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenGroups
CloseEventLog
CryptGetHashParam
CryptSetHashParam
DeleteAce
DuplicateToken

kernel32

WinExec
ExitProcess
TerminateThread

msvcrt

_chkesp
_ctype
_eof
_except_handler2
_CIacos

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE