28bee485ca7857ee00e4f4d7e5195a98_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28bee485ca7857ee00e4f4d7e5195a98_JaffaCakes118
Size

101KB
MD5

28bee485ca7857ee00e4f4d7e5195a98
SHA1

19e9c72fe33d1abf4cf79235ac40ff05cad26317
SHA256

b6b6de3794dcd871a074d7cf243faa2fc3fbe2fafd39aec884e68b4402a3f487
SHA512

33b3a1a8c3cab711fac7c436228e898d7557060ac7a2342f5c489028b400e8745ce41f261ca20a618ec5054fb8aa8ff094ed96cf2ea7d53263c04707a153340f
SSDEEP

3072:xOpa7OSZDI53A96+310M9Bo5rzCLJ5ew0s39:kiOQDG9yOOBodQJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28bee485ca7857ee00e4f4d7e5195a98_JaffaCakes118

Files

28bee485ca7857ee00e4f4d7e5195a98_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e3f6249d4e112c8d7a11db2acea8b79c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryExA
HeapCreateTagsW
GetProcAddress
QueryWin31IniFilesMappedToRegistry

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInit
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 374B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ