0d3b66d55e34bd4804d6a69cbe6880c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d3b66d55e34bd4804d6a69cbe6880c7_JaffaCakes118
Size

2.0MB
MD5

0d3b66d55e34bd4804d6a69cbe6880c7
SHA1

3ec86b369d4e280fef723ed8b5359e9e4ab13494
SHA256

a0e5c10979fc9fdc0f411cfaf6531d5cb8c2d88b5b9510798869ecd0cbf143de
SHA512

3681a7d025cdcf531c19239eda6f6af362b41601e5d5156118125c3890d0ccbba924b1a8665fddd97f5ccaafe2e3e6bc57d79b11c8ff6172e8de5629a9b2f2fc
SSDEEP

3072:E4rf7CFxKxRLRzBVi3bVZAujug35R0cPL0WCSFuPY/IZqS4TDCimDID+m:E4rflG3bbljPr0cPIScXwS4TeioIKm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d3b66d55e34bd4804d6a69cbe6880c7_JaffaCakes118

Files

0d3b66d55e34bd4804d6a69cbe6880c7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c5b4a40f0d650fd23a68f223224725c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
SetupComm
CloseHandle
SetConsoleMode
SetThreadExecutionState
PeekConsoleInputA
SetEvent
SetPriorityClass
PeekNamedPipe
lstrcpynA
ReplaceFileW
SetConsoleCursorPosition

gdi32

SetPixelV
CreateCompatibleBitmap
RoundRect
SetMapperFlags
SetDIBitsToDevice
SetTextAlign

msvcrt

_wexecvp
_wopen
_ismbbkalnum

iphlpapi

GetIpErrorString

oleaut32

SafeArrayGetDim

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ