JaffaCakes118_affd2ac259db1b8d1b51438d1baac42f6efedf7250f39435baccfc81eb1485c5

General

Target

JaffaCakes118_affd2ac259db1b8d1b51438d1baac42f6efedf7250f39435baccfc81eb1485c5
Size

27KB
MD5

04dda4e05e233c819f123994474ea31a
SHA1

be1f00eaa9fe693c9df7ffb494e128d0fb3a01e6
SHA256

affd2ac259db1b8d1b51438d1baac42f6efedf7250f39435baccfc81eb1485c5
SHA512

209ac6565817d845ebd8e635f357ca3f8e030ac6420c1b7c5ce8112619a15e62fb8b58dbe751ccaeaf85679f3deafa3568805212f626a1010c60b32cf7f15ac6
SSDEEP

768:Fus3zev0bSm1qqZGZbuUHmqH4AwqLpagVEIZQOc7g9Y3G5w:rbBqqKuUvZLp9Tig9By

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/44271.612877662.dat

JaffaCakes118_affd2ac259db1b8d1b51438d1baac42f6efedf7250f39435baccfc81eb1485c5
.zip

Password: infected
44271.612877662.dat
.dll regsvr32 windows:6 windows x64 arch:x64

95b2898fa77b48d0d76af3340137da99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrA

kernel32

GetCurrentThreadId

user32

SendMessageA
SetTimer
KillTimer
GetClientRect
MessageBoxA
GetClassNameA

Exports

Exports

?PostRtm@@YAHXZ
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ