fe467f717222cdf05ec7591e02bf421b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe467f717222cdf05ec7591e02bf421b_JaffaCakes118
Size

11KB
MD5

fe467f717222cdf05ec7591e02bf421b
SHA1

eceaf95770bbe47cf601f2bf3518b750138a4f6e
SHA256

18f06f499d80caa6993c692c35e46cfc8accd4d199df238fc1b82a4186443a76
SHA512

3d48c194adce2a778f896edfd43794d5e571af71bd3cb98e58f6dce28a9eef6dfabbbd409255efe170569b454aa6c7f7e46a650332b9fb26c0736984c3e932e8
SSDEEP

192:8ARQ64X4RUAdsWsA9MQSVKy+SYn4lBqxmw/DC0RWvNQB:V4XWSKy1NbADIvC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe467f717222cdf05ec7591e02bf421b_JaffaCakes118

Files

fe467f717222cdf05ec7591e02bf421b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e695a5ddb23ec3a46d9549c07765b03e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
lstrlenW
GetVersionExA
lstrcpyW
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleA
Sleep
RtlUnwind
lstrcmpA
CompareStringW
GetCommandLineA
FindClose

user32

wsprintfW
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ