f6e2061d50bf9600566fa27ae95c82cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6e2061d50bf9600566fa27ae95c82cc_JaffaCakes118
Size

228KB
MD5

f6e2061d50bf9600566fa27ae95c82cc
SHA1

835fa4d9992ca2ed1c0078f4a41a371222a7dbd7
SHA256

9087524f51be94d7f403c884db0c6e26c4b559b47a8e6b75abfe37a50997df64
SHA512

795d250b14e586b36dadd67a80f9316c993d53455e3395c643ccc67e9f7403fb52ffa78136849e0b0c001ed848c3897d7add787a7b2e2c2228c44be80a039ca5
SSDEEP

6144:2aDdJmCx4VkK+IVaR9YVWKIsgMlp71ZpCDRPEsz:WTV/aRKgpRxz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6e2061d50bf9600566fa27ae95c82cc_JaffaCakes118

Files

f6e2061d50bf9600566fa27ae95c82cc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

10d14a201f13bcb018dacb55a181603a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
_adjust_fdiv
free
_initterm

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
StringFromGUID2

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA

user32

wsprintfA

kernel32

FreeLibrary
GetModuleFileNameA
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
DisableThreadLibraryCalls
GetVersionExA
MultiByteToWideChar
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrlenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ