65a684451694a0882ae5b6df7141fa3a_JaffaCakes118 | Triage

Sharing

General

Target

65a684451694a0882ae5b6df7141fa3a_JaffaCakes118
Size

10KB
MD5

65a684451694a0882ae5b6df7141fa3a
SHA1

34d89650ca8ad32bad6616cf9d23cf3a4c50600f
SHA256

8e92a0d234117d0ab8b9fba1696aeab36d565e42b888ef70368e1b60e3690cf3
SHA512

e378f521606f2a9d5b43d8b2f2c925c5e7dbd03dc6bc0265177c532e36852c72308b364adcb12ad37f0228866b125c6a0700ce030f64ec66aef9549bd2f74f2a
SSDEEP

192:WNzaehF6zUxegF/zimuHV4SsspiPlMjsemvAjAYEWYpofWxZ1qofkW:yzaMv1JSjiPUOYBYpcWxZ1xfkW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
65a684451694a0882ae5b6df7141fa3a_JaffaCakes118

Files

65a684451694a0882ae5b6df7141fa3a_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

b5a63b6f8e6baed292ec18307c8d5ea0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

rpcrt4

NdrOleFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.MPRESS1
Size: 6KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE