f53122a0048c0a979336fdb10d501c52_JaffaCakes118 | Triage

Sharing

General

Target

f53122a0048c0a979336fdb10d501c52_JaffaCakes118
Size

462KB
MD5

f53122a0048c0a979336fdb10d501c52
SHA1

e02b875ae32eca4739178c3c518b299b507a0343
SHA256

179ca839bc1d53a1796d10882b861b7274c080f6f13d6ac1cbf6ce0b93d95e16
SHA512

c5c37ebf9f21ba6a6a3d270fa7d98979f8c6cacf32ec3e2820fd524bbf954f4ed6d9424643e974fea528a79b6394bcd52e67e7b4efcbcbb577dee08d3dbb8a7a
SSDEEP

6144:7bVPXLakbTqht5o+nKivd8Z4sPYwp4KltOzlZRMCKy6fcWWHDecHAI3C+8hkBL:db4DmavdW4svpLtmRlKMHDuIycL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f53122a0048c0a979336fdb10d501c52_JaffaCakes118

Files

f53122a0048c0a979336fdb10d501c52_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress

Exports

Exports

DllRegisterServer

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ