fe0e99ee499987b841aee8be0b4f4a25_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe0e99ee499987b841aee8be0b4f4a25_JaffaCakes118
Size

383KB
MD5

fe0e99ee499987b841aee8be0b4f4a25
SHA1

7ba5dd1d0ed72f99ee65c25ae1413494c2985af3
SHA256

d98dae8457ea251becea94b3a8c6f69dc2e6f9f62a660277afca2ce38cb6cff2
SHA512

5673e16f58ff6568a4e6e73a8b9b432ecfb93d026feabece2b20c02c6b27be39eabb2f7522cd00105f62adcbbf0016e35e603a41a22abaa39b0749394aa4db4c
SSDEEP

6144:nv+mM2W/iJkdo6NKESIldgSR3vtPSJd6780bxJMYnD8dJlEJHFWrNLV7d4j+Ye:WmM2W/iUHKIlfPSJA7XxJME8FEJgpi+Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe0e99ee499987b841aee8be0b4f4a25_JaffaCakes118

Files

fe0e99ee499987b841aee8be0b4f4a25_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

de9a061737cb6ec6c4135ce89e5ac0fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

CreateStreamOnHGlobal

urlmon

URLDownloadToFileA

wininet

InternetSetOptionA

comctl32

_TrackMouseEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 369KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE