612bfea40ab2f0ae736b98e94b95bc5e_JaffaCakes118 | Triage

Sharing

General

Target

612bfea40ab2f0ae736b98e94b95bc5e_JaffaCakes118
Size

118KB
MD5

612bfea40ab2f0ae736b98e94b95bc5e
SHA1

c95e8af48c7cd4bcc8f28583a2803eea5124b334
SHA256

9fff8e2a6ec0b66b064f156eb829722576a3a3d64a2e77387e599477a55e53a9
SHA512

b013da46cb3b34af5de8d1290ffe42ac9c6b3eec32ab7ab4234bf300c0530bdfd3371759fc9ec049a024959aefaf88578e8e2410a17e9f28ceba875533c16bf8
SSDEEP

3072:5Qyynkl6uDo6e0swuPWDsQ4gBiMJJfqc6wVAFb7XWe8Wln9J:VllTlFLsxgBiMnCfca7Z5ln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
612bfea40ab2f0ae736b98e94b95bc5e_JaffaCakes118

Files

612bfea40ab2f0ae736b98e94b95bc5e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Serran
DllRegisterServer
Bashawism
Belfried
Vermicidal
Ahousaht
Trisulphonic
Gastrin
Prediscriminate
Glaur
Ironworking
DllGetClassObject
Concomitantly
DllUnregisterServer
Isosmotic
DllCanUnloadNow
Heirloom
Gnomist

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 81KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wdata
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ