06d62a2b736fdfe86e518f21d5349a83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06d62a2b736fdfe86e518f21d5349a83_JaffaCakes118
Size

100KB
MD5

06d62a2b736fdfe86e518f21d5349a83
SHA1

83fa4ef5c2a460656a41c85ff44c9bc94a841591
SHA256

1552ae0b67912760de8ab3c40ecf460a46be142451145e9dba76b8bb83930e1f
SHA512

f9a2535c1247a93ccd65f6ea71b16c953439667fe1060473005a8bf64d746cc6aa34cc11d444355ef5045af30d198a1335758dc5bf029b72c1b51bb1562d7396
SSDEEP

3072:+tnXIdbDRkY+cVYP0vmd8dhmQUb3ge54J0f:+RIdbVkY+4YP0A8ED7uJ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06d62a2b736fdfe86e518f21d5349a83_JaffaCakes118

Files

06d62a2b736fdfe86e518f21d5349a83_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f19b0d7216fbf76905f07e7b56854efa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

UnregisterWaitEx
ChangeTimerQueueTimer
Module32Next
CreateFiber
LoadLibraryExA
GetConsoleWindow
MapViewOfFile
GetProcAddress
QueueUserAPC

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Gakncni
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 97KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ