5245790726a707623ce5a697a00e3aa7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5245790726a707623ce5a697a00e3aa7_JaffaCakes118
Size

247KB
MD5

5245790726a707623ce5a697a00e3aa7
SHA1

c1ce3191b109df8eb3da2eb5e52810ffcebc6308
SHA256

acd1c421666dc13e0ca59774600eb4fb11fdea7c28c0465077e3abc09d2ce9d3
SHA512

2c162727ce9b941ab7481fd9e1e53f6899aa258e2ab21bcbd5f91eb4445e31b37cc93f50f4885e5031a35c801c142b62ff46e7e0c315cd7fb5f659535a0e9a2d
SSDEEP

3072:bUJvRCO5bvMy8XR95Pf1O1SkEKkHEFfQKyRCe5UQ642iRN2Cl1D2ECTEOlAzXCw8:QeEROvckHiM2iPHD25TpyWqyvxrf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5245790726a707623ce5a697a00e3aa7_JaffaCakes118

Files

5245790726a707623ce5a697a00e3aa7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a26c1de468313b703f2b10ef14702f55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 203KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE