fc1cbeeee8e51c71077fae82ebad35e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc1cbeeee8e51c71077fae82ebad35e2_JaffaCakes118
Size

100KB
MD5

fc1cbeeee8e51c71077fae82ebad35e2
SHA1

b4be3f70618310338f078171ef559dedfc715bde
SHA256

a6618d6eac6960cc25cc8499b0c958c873db3df463c610aa46852773366014d9
SHA512

298232abbb629d4fd72db0e36fa987ec9513753a9abe558be12aa211ba8250700470ed604b68bedad1a9c6f945331188a687772b625b529e51c8979de11b8881
SSDEEP

1536:WD9i98J0q1faSmgU5o3RA30oKwkg0+HFMmw0Sh0pJY+qrmDaVpj15GpRVdF:gfJtabgJ3RAaxf+ZwC2rmDu+VdF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc1cbeeee8e51c71077fae82ebad35e2_JaffaCakes118

Files

fc1cbeeee8e51c71077fae82ebad35e2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9798d63904853fadc6d921fe887f9811

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

BackupRead
FindVolumeMountPointClose
SetupComm
GetProcAddress
GlobalFree
GetEnvironmentVariableA
SetConsoleScreenBufferSize
LoadLibraryExA
InterlockedCompareExchange

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Eankoea
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 96KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ