fb581ad2cbeb11826e3c70b3aa8b76c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb581ad2cbeb11826e3c70b3aa8b76c7_JaffaCakes118
Size

79KB
MD5

fb581ad2cbeb11826e3c70b3aa8b76c7
SHA1

e3f44280d05f1e3074f5352246662679821cc7db
SHA256

db1e27d2183fdc5b4e21178345a5cba9435a0232c29bcb1c92b9f8ebd008bd42
SHA512

b31f17ae0a46c72b50329576912fcfb81c33b4f6a036d742f047f04c9a1e9dcb9a703573ebc83b2a9f504869649dd31b3a25ec2a1e0bad0f7882abc9f49b3701
SSDEEP

1536:qErl67A/Gdgly4JF6ypK44H5/PcrIo5CcGzf72ub7:qErD+dgZ1pC5nc0mub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb581ad2cbeb11826e3c70b3aa8b76c7_JaffaCakes118

Files

fb581ad2cbeb11826e3c70b3aa8b76c7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fa949d982047f6f0cc30f65376b7484c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
OpenEventA
LoadLibraryExA
GetProcAddress
LeaveCriticalSection

advapi32

FreeSid

oleaut32

SysFreeString

user32

CharNextA

version

VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInit
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.itex
Size: 77KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE