03524762652e9d627924251e008f119e_JaffaCakes118 | Triage

Sharing

General

Target

03524762652e9d627924251e008f119e_JaffaCakes118
Size

17KB
MD5

03524762652e9d627924251e008f119e
SHA1

00e2ef131c39c39f53bbd985c4b222f109a14d9c
SHA256

e06b74344fbcabd46b165962e82e75d216b2d4d078b28f3596c522b149644941
SHA512

a1645ee8b341f5c3e671605adb1d685b77c1c589b7eb176a1ebba824d9d4b841279491d27f81177c8176881e3773d89c77bcdf728db6a54f3b6f1542ad8df8e2
SSDEEP

384:JAjJwnH9vBu9RdP5EZpWo+dxpTwQ9H2JDH5/yBMDAQk:JwJka5EvWo6xoJDZaB2AQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03524762652e9d627924251e008f119e_JaffaCakes118

Files

03524762652e9d627924251e008f119e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

29acf4e9965619b04a8394948ad9c5dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetCrackUrlA

msvcrt

memcmp

shlwapi

SHGetValueA

urlmon

URLDownloadToFileA

user32

IsWindow

ole32

CoInitialize

oleaut32

SysStringLen

atl

ord58

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.rdata
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE