14991a8f7e270435e0aea3b8f401a304_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14991a8f7e270435e0aea3b8f401a304_JaffaCakes118
Size

65KB
MD5

14991a8f7e270435e0aea3b8f401a304
SHA1

bb399e0950572ad6652774f90e541df937404135
SHA256

abd30f7d348c87d6b4351d1f33ea59410d4e87489994afae8087396a843c13dc
SHA512

49e579ddb35d576cbb24d2b68fa0e03253225353f6dec7af9df77d4ad5a993e7950582076f4ede9404f3649776647fb2e8fbb29590dfe810079382012d0284d8
SSDEEP

1536:xNvAy72L3FUjZ9MleYzgd3NteGNBUzWF6p:xSXV8EwYzGTGaFK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14991a8f7e270435e0aea3b8f401a304_JaffaCakes118

Files

14991a8f7e270435e0aea3b8f401a304_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8f8b3dd043161b36ee415f6c82543411

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
_EH_prolog
__CxxFrameHandler
malloc
free
realloc
memset
memcpy
_stricmp

kernel32

GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
CloseHandle
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetSystemDirectoryA
GetComputerNameA
VirtualAlloc
GetProcessHeap
HeapAlloc

advapi32

GetUserNameA

Exports

Exports

DllGetClassObject
DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ