fbeb5b56bf9ab91faec3b34b240d3256_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbeb5b56bf9ab91faec3b34b240d3256_JaffaCakes118
Size

113KB
MD5

fbeb5b56bf9ab91faec3b34b240d3256
SHA1

c6c42d9cf92e9fa915ef6b53c47d88a9e77fff3f
SHA256

255f4c734feeb56d32bcd435596c614a737191c13859d488c1d2b2dbca24aafd
SHA512

631b3724080976af825584879a813c1580e2017aaaac4057bf2d417d1f7394e8e8c51ecd9debce81d9afdbdd10e8d188c1da9bdba157f6fa0f69fccefd1f8757
SSDEEP

1536:pelpK6Bp3ctQHCMQM+YRpZhIR5nsldazYVFmtZhIoG90AGr/HffskSzS0laZ3XL6:pWK2pmQQMrpOsLazYVFkZhIt9qjT0JP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbeb5b56bf9ab91faec3b34b240d3256_JaffaCakes118

Files

fbeb5b56bf9ab91faec3b34b240d3256_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

55927bf4d38d2b520ce7510859dcc740

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

RegQueryInfoKeyA

shell32

SHGetFileInfoA

ole32

StringFromGUID2

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 45KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE