eac824312154f51ea6e353e28c648815_JaffaCakes118 | Triage

Sharing

General

Target

eac824312154f51ea6e353e28c648815_JaffaCakes118
Size

1.6MB
MD5

eac824312154f51ea6e353e28c648815
SHA1

14ab674127193843c9bfb27dfa00b3c002ddec63
SHA256

4d704d8fc743a152a13ce4fc189ec47f99b1d678f1ae19fa6951181ca9bca6b7
SHA512

71599c90eb1f610c46ee85cb7f31f506ca479617ef08ecb0105a677e50bd9ce06030af80d7be8c1304d222d9fb2d5352c009946855f2e7706258851512d4def4
SSDEEP

49152:CqYX7TAdXhCxlFBUImPbW9YyCC2TCrCteUlq:LYMXhAl/mz9PC2Tjtev

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eac824312154f51ea6e353e28c648815_JaffaCakes118

Files

eac824312154f51ea6e353e28c648815_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

27483f7cbd4dc00b724c419dad38701b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetPropA

gdi32

GetViewportExtEx

winspool.drv

ClosePrinter

advapi32

CryptHashData

shell32

SHBrowseForFolderA

wininet

InternetGetCookieA

oledlg

ord8

ole32

CoRevokeClassObject

olepro32

ord253

oleaut32

SysAllocStringLen

urlmon

URLOpenBlockingStreamA

version

GetFileVersionInfoSizeA

rpcrt4

UuidToStringA

Exports

Exports

?RunAutoUpdate@@YAXXZ
?RunEditor@@YAXHPADW4RfObjectType@@@Z
?RunPassGen@@YAXHPAD@Z
?RunShellWindowsWatcher@@YAXPAD@Z
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE