0463a5a954a4b45e5ea1a7e3c17b1cba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0463a5a954a4b45e5ea1a7e3c17b1cba_JaffaCakes118
Size

1.2MB
MD5

0463a5a954a4b45e5ea1a7e3c17b1cba
SHA1

68ddf4fffc0447eb00cc4d42666a3cbc73bc14d5
SHA256

9f92ff3f1a7c5025a1926fa975f9fe807f95251c81d25eba15730be3b5f53d13
SHA512

f7c3f93ef6b6f67de08b93af39b7f423f346ce16e966d6efc3a458c8ab26173614b55ef81112f340490ec237465221ee6445f8ab6d20257195c1c97aaf124b51
SSDEEP

24576:A+pHvnMJJfAVpx043rTsWySmpiR9ZzrnT5FiQ8GVxcGs:A+JvoJfAd043Jndr3Z8GVal

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0463a5a954a4b45e5ea1a7e3c17b1cba_JaffaCakes118

Files

0463a5a954a4b45e5ea1a7e3c17b1cba_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

28d1cd325f1f40898a83cda150705275

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

imm32

ImmGetVirtualKey

winspool.drv

OpenPrinterA

shell32

ShellExecuteA

msvcrt

localtime

setupapi

SetupDiGetDeviceRegistryPropertyA

ws2_32

WSACleanup

winmm

PlaySound

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Size: 1.2MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE