2e160702ab7c78b7dd560b8e6fd81f03_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e160702ab7c78b7dd560b8e6fd81f03_JaffaCakes118
Size

158KB
MD5

2e160702ab7c78b7dd560b8e6fd81f03
SHA1

8a7ce432a8a5f2dde3a7b6c435abdded87c71bc0
SHA256

488e1f2546b2e90885a849a0dac0cf9c72ee0e512695737f53932be4025b8417
SHA512

a987f2a0f6ccef998cae9dc4e05418d9ec58bdcbed43b302d98f48d588f13605c18ddb4d1300532d66ab87efb5d146ac81a574a38a268d51cd3c574bd8e8682b
SSDEEP

3072:N+ZqrzXT9XQ2jzZyz2tKM6q9uklOrlTA2FJSO8cEK/inbeFbbQW:NOqbtQmZ1NuklO22FD8EIbcMW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e160702ab7c78b7dd560b8e6fd81f03_JaffaCakes118

Files

2e160702ab7c78b7dd560b8e6fd81f03_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

52d9e0b5791b5af0755033182fd80f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

advapi32

RegDeleteKeyA

shell32

SHGetFileInfoA

ole32

CoTaskMemAlloc

oleaut32

SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 53KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE