36a0b196ae0402a318ea33c69c0a06db_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36a0b196ae0402a318ea33c69c0a06db_JaffaCakes118
Size

256KB
MD5

36a0b196ae0402a318ea33c69c0a06db
SHA1

37f712029d6b092effdf54cdadf4cf93354b3503
SHA256

1dc73044c438c3afd90fba858ff03f4ee3da49e407d44fdc2485c554386fa538
SHA512

d48057e8011eb352b3e89c9989f9080f14c106e11412bcac57eba52ae0aa96172071a941342712a49a3d0bdb135bc40b46cf4a054616731452a5adb7270715dc
SSDEEP

3072:msb1iumshpL562/OgJyWXYxQWXgpF6MOlDybGmoc3aD705BXLp2e3XBdiKt1hQgx:Lb16shR5Nl1pIlubGm+kLLp2IbiKv3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36a0b196ae0402a318ea33c69c0a06db_JaffaCakes118

Files

36a0b196ae0402a318ea33c69c0a06db_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3e0b3b114f6527e673f197ca334c91cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 206KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE