540b8c80f647a8f2492926c08ddba4bf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

540b8c80f647a8f2492926c08ddba4bf_JaffaCakes118
Size

1.6MB
MD5

540b8c80f647a8f2492926c08ddba4bf
SHA1

e0e863122695a10a91c452a317079b9340fa587a
SHA256

76d5c248bf5bc7b4f1aac06c0d8a00ed6b9567073f623a833cd9b3a7ac1530f3
SHA512

b0e9df3773c4c06132f5b2692ddbb4a26f6fb61835e357f2d79aa1f2c4d1351198efdfb3ba9290cb0a9a8b17624ee4bf52837a14d9def5e587864a3a1a3015c9
SSDEEP

3072:SkNMinbAlVJkVpPBaog06mjE2RVKd/KfRNMAJYsFas107:NMOAlnkBa+6mkuRNfY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
540b8c80f647a8f2492926c08ddba4bf_JaffaCakes118

Files

540b8c80f647a8f2492926c08ddba4bf_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ed6702d46ede13c45dbc6a8f2e618c87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointerEx
RtlUnwind
SetErrorMode
QueryPerformanceFrequency
SetCurrentDirectoryW
SetWaitableTimer
ConvertThreadToFiber
lstrlenW
RemoveDirectoryA
ReadConsoleInputA
LockResource
FindResourceA
FindResourceW
CloseHandle

user32

LoadCursorW
LoadAcceleratorsW
DialogBoxParamA

ole32

OleRegGetUserType
CoGetMalloc

gdi32

SetMapperFlags
EnumObjects
GetRandomRgn
PlayMetaFileRecord
GetSystemPaletteUse
SetBkMode
SetPixelV
SetPixel

msvcrt

strxfrm
iswdigit
getchar

shell32

SHChangeNotifyDeregister

shlwapi

SHRegOpenUSKeyA
SHRegSetPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ