028b510b09f2b6c42b59c5d58221801c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

028b510b09f2b6c42b59c5d58221801c_JaffaCakes118
Size

11KB
MD5

028b510b09f2b6c42b59c5d58221801c
SHA1

988e1d3561f6b8c40c89ae5cfadfde541318de92
SHA256

e3453a8da8c34062e121adfed8c2cd466dc2296cc628a03cebb8a69e264e3438
SHA512

ea0114929275397c759590d20f2a748cc4e9e5901be1b4ce796648e28d62e6ba22b3ee914c84c3733d2f854b8ac90b262a39f3f975ad4168976c82a5af5ff072
SSDEEP

192:uyEKCCErc7mmaKonBe59ZrKDoIYkTBJrV0EGBwKFuKKzrJ0S2wiAi/R4M:jEKLec7vZonK9KFhvVRKwK0nwwinR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
028b510b09f2b6c42b59c5d58221801c_JaffaCakes118

Files

028b510b09f2b6c42b59c5d58221801c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c0186d503074c3a5cb2f8a34e6a30c25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetSystemDirectoryW
lstrlenW
lstrcpyW
lstrlenA
MultiByteToWideChar
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
GetModuleFileNameA

user32

MessageBoxA
MessageBoxW
wsprintfW
CharLowerA
ReleaseDC
DestroyWindow
IsWindow

gdi32

RestoreDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ