044ab8e914d63a8d58b19b1298f029b2_JaffaCakes118 | Triage

Sharing

General

Target

044ab8e914d63a8d58b19b1298f029b2_JaffaCakes118
Size

159KB
MD5

044ab8e914d63a8d58b19b1298f029b2
SHA1

3b76c72811530080aba015179f63c3d2297af88d
SHA256

6a79c744d175b81495780bd4b0a8d3dd010504e059080dbb522f96f2ab9daf9e
SHA512

30da5d808e07f427ecf696ce106906854c78549082d2160c7e4b75b32d8d9115647b12dc0a8428948ed9cd26f1712c457a32143a70087a746bab264a107f450e
SSDEEP

3072:W/a5C1c7pLxRtnQjrT6cyzCe9k3nQCpYBGNnI5uICD3F308RcgOmfo6LmuY:WCc1c7ZtQ2pCegZpUsT3R08igOyo6VY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
044ab8e914d63a8d58b19b1298f029b2_JaffaCakes118

Files

044ab8e914d63a8d58b19b1298f029b2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

df233a3541b8f366458300c9ca67ad13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

ShowWindow

gdi32

SetWindowExtEx

winspool.drv

ClosePrinter

advapi32

RegQueryValueW

shlwapi

PathFindFileNameW

ole32

CoUninitialize

oleaut32

VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 151KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE