449d5e3651a239159687bae7400f19b0_JaffaCakes118 | Triage

Sharing

General

Target

449d5e3651a239159687bae7400f19b0_JaffaCakes118
Size

224KB
MD5

449d5e3651a239159687bae7400f19b0
SHA1

b397f34716c4a43e37ddf41f5acd7506c7166f14
SHA256

9d93c5ab40b241b40beb6c7ab31cfc9fee5c3aa3edbf70b3f532c70ab544088e
SHA512

96972ee9d1cc65429a58f552ce78062f52ee1415d5d29d0c15ee8c28d6672d4ff270a1af0fb207b4432970550209880eabcd45eb13784e0629ec1ebfee17547f
SSDEEP

3072:WpeT3TWRlmWMGUuGEfIrMIQRi9PvtbE5STwmmD3iV:ySWRlmcG8s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
449d5e3651a239159687bae7400f19b0_JaffaCakes118

Files

449d5e3651a239159687bae7400f19b0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 4KB - Virtual size: 190B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code1
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 893KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ