3da008e0464b42139baba4d08cfe2b27_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3da008e0464b42139baba4d08cfe2b27_JaffaCakes118
Size

409KB
MD5

3da008e0464b42139baba4d08cfe2b27
SHA1

adf4e097a45ad45cc96cb04555cc1ef9ae60c565
SHA256

bd5896267c063421d761614401b72da99f91e8b6934a4344da98db839b760f49
SHA512

c6f44d051f1da51e0d63b2e0ff32164d2e48549a58c7aec6afc3a509b099288c57a635e0716b7dc71e01023a43fc993b0ad0ed16b4206df7149bbb7b35d2413c
SSDEEP

6144:27LmrwXAdz4LwQr673G3Icg9+6Olz393nrgfsowtQdfPSQlp0bfLbVlT:27LBXAOJz3jg9U93pncfsobd3fWN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3da008e0464b42139baba4d08cfe2b27_JaffaCakes118

Files

3da008e0464b42139baba4d08cfe2b27_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8f3641dd05a30e5a00cd34019ad38bb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA

advapi32

RegCreateKeyA

shell32

ShellExecuteA

oleaut32

SysAllocStringByteLen

wininet

InternetOpenUrlA

ws2_32

inet_ntoa

rpcrt4

UuidCreate

atl

ord32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 407KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE