f1600757bb7b4c493be86192b9bd91e1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1600757bb7b4c493be86192b9bd91e1_JaffaCakes118
Size

36KB
MD5

f1600757bb7b4c493be86192b9bd91e1
SHA1

0c2458d7ae51dd00386667c7ed8ae5fdff4173b5
SHA256

787dad95b0b13650eca5d737fe83c5e156c224d7e1e3249b31819f190464da12
SHA512

856c63d3ac9f844301ca12a6dd627c93049003c4a4f122b2695a6da6a1a44f050d3d0149227c4c63c4e868adfaf4b9a63d2213f28e756c7cfe5e14831f6118ef
SSDEEP

384:jhMzkCtjr42oOsPTNUGhgPGp4+mb+bFKf6xiyKmGjEdVR5trCG:jhWK2zshQJ+qCFKf6xiypGjyR5kG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1600757bb7b4c493be86192b9bd91e1_JaffaCakes118

Files

f1600757bb7b4c493be86192b9bd91e1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fe5080121b64863ec084f084f7829bd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

ord690
MethCallEngine
ord595
ord521
EVENT_SINK_AddRef
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord534
ord536
ord101
ord102
ord103
ord689
ord104
ord105
ord616
ord618
ord581

kernel32

LoadLibraryA
GetProcAddress

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Oreloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.�x6*�
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ