fb6164f3954271b7afb0ac28c6c2cbc7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb6164f3954271b7afb0ac28c6c2cbc7_JaffaCakes118
Size

23KB
MD5

fb6164f3954271b7afb0ac28c6c2cbc7
SHA1

070ab2761fd8e9db55995d5d7bcfd849d94b0a78
SHA256

e7314b44d93715d3294041e1b86f009ecf92d7b206bb7509f12f8b367ceb4dba
SHA512

8361f5068a8c3a5fea1301c3bd720e24d0385b30013f77ed3872f8a81a4c0095d11865a817de5af426c84b0fe387d8327f853376747757e691bb2e26a0416b81
SSDEEP

384:PxysWK9SNZavGSbNxotayyAyfRhiat0VhIDosh6iGuKuq717vvxlLhW7xl4WX:Pxx9SD+GQnotayybiat0VHsh61uKZ7DY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb6164f3954271b7afb0ac28c6c2cbc7_JaffaCakes118

Files

fb6164f3954271b7afb0ac28c6c2cbc7_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

445ce424e48fd1adda4e9b06cc5f3ef7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

user32

GetDC

gdi32

BitBlt

comctl32

ImageList_Create

shell32

SHGetMalloc

ole32

StgCreateDocfile

oleaut32

SysFreeString

avifil32

AVIFileExit

advapi32

RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetICWCONNVersion

Sections

.MPRESS1
Size: 18KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE