2fc15a1b1ace8247ca49dfc7a49db750_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fc15a1b1ace8247ca49dfc7a49db750_JaffaCakes118
Size

1.6MB
MD5

2fc15a1b1ace8247ca49dfc7a49db750
SHA1

df1672392234ba3609c5eb504aa1475dc0cc0418
SHA256

ff1d1a4b900b9a69080e5159f0724c357882555336758ca1b3c2991824d642d6
SHA512

f5bc1560c3ad6f84bf90eb513cb2d22a904bb8c959eb29ba150c89fc47c6fef1f6fb3130211346bffbe7552c4b929e769369f07ac410a93f4e55d2051c706800
SSDEEP

6144:GXkWpMQwzjCZl13fTS5W3tc7T1rdEjVJ3D:GXNMQ1ZDfTS5eccjVBD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fc15a1b1ace8247ca49dfc7a49db750_JaffaCakes118

Files

2fc15a1b1ace8247ca49dfc7a49db750_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d0ce7491427e1ed0cc260e78358aa4c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
OpenEventW
SetFileAttributesA
SetCommMask
SetEvent
SetHandleInformation
Sleep
SetConsoleMode
lstrcmpW
SetProcessWorkingSetSize

advapi32

SetTokenInformation

gdi32

SetBitmapBits
SetTextAlign
SetBkMode
RoundRect
SetLayout
SetTextJustification

msvcrt

_utime64
__p__mbcasemap
_cwait

shell32

SHEmptyRecycleBinA
Shell_NotifyIconW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ