f4bb060de5453e9d628ee5e90c740dbb_JaffaCakes118 | Triage

Sharing

General

Target

f4bb060de5453e9d628ee5e90c740dbb_JaffaCakes118
Size

57KB
MD5

f4bb060de5453e9d628ee5e90c740dbb
SHA1

81304044263ad6e98a2d978c97e4ae29de65aa65
SHA256

ae77b677e8c7a67a0c9121cae042dd4e977ee3487ceaae5726f377ce3280fc07
SHA512

b1c3e29f26fd2c474d244e79ca8949e866873f5ddc144e2547448b513224bb6b71af8319d9bdd254fcd3e0231d066998bfede19894090434c3dccdd0d0868a12
SSDEEP

1536:dZoOQeP15YCslCvzF757+Rcl/K5InG4Xi:A6fslCrF7QcNqQi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f4bb060de5453e9d628ee5e90c740dbb_JaffaCakes118

Files

f4bb060de5453e9d628ee5e90c740dbb_JaffaCakes118
.dll regsvr32 windows:6 windows x64 arch:x64

cfa8dd488fd4044f7dbcc5838881a33c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress

Exports

Exports

?druio@@YAHXZ
?dweby@@YAHXZ
?hoprtw@@YAHXZ
DllRegisterServer
PluginInit

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ