04b82e209b34ca383e15362fe814fdb6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04b82e209b34ca383e15362fe814fdb6_JaffaCakes118
Size

75KB
MD5

04b82e209b34ca383e15362fe814fdb6
SHA1

2dd81f6fb3561b57a92f272d9581ad8795cf0416
SHA256

f7625bb47d4e31659a57848085ab9066237ab26e7aa6e001d1047b346f436f73
SHA512

87eb9e86a91967e351d770745383eef9b3d1c0eb4791784b97349be39f46dd155d922a7f95000ef91eae822b0bbb518f891e29ac2a132dc36af535013f057f57
SSDEEP

1536:IcsE2Z4WvwoZiVJv3cFaVVlbZmpZkQEAPEiuwX1IVaBjm/m:YE2KawoZiVds6IZj1pX154/m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04b82e209b34ca383e15362fe814fdb6_JaffaCakes118

Files

04b82e209b34ca383e15362fe814fdb6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

168a0c79c21990926f149bb28783831f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wvsprintfA

atl

ord57
ord30
ord23
ord21
ord15
ord18
ord32
ord16
ord58

kernel32

InitializeCriticalSection
GetStringTypeW
DebugBreak
HeapAlloc
HeapFree
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryA
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
GetSystemInfo
HeapCreate
lstrlenW
Sleep
DeleteFileA
GetStringTypeA
MultiByteToWideChar

oleaut32

LoadRegTypeLi
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_16101976

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ