1009c0b9c296191aa04c91ede16c6a13_JaffaCakes118 | Triage

Sharing

General

Target

1009c0b9c296191aa04c91ede16c6a13_JaffaCakes118
Size

796KB
MD5

1009c0b9c296191aa04c91ede16c6a13
SHA1

4aaa2772d48d2db87010506cb5a9b071ca8fd718
SHA256

457bd14da6e6d7e2fe7600d8b637e5dfce1b62767c9920300a731fc7d9063ab5
SHA512

fccd6b0f0891d001c495b300e452415bb4613ea73c0c067382d6a06f17050fe46d9c2dc092def5fc0cade48916817e04c9d10b4dd36154b5d9d6974eea15907d
SSDEEP

12288:btv1W0IFGiS5JeprW70QxcPJHRFLL+p6r0k2JC1RW8QcHCqmoRIQDvdn6o41cU:RM0PiQ85xRJ+U0Dy0HoRIyh64U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1009c0b9c296191aa04c91ede16c6a13_JaffaCakes118

Files

1009c0b9c296191aa04c91ede16c6a13_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 573KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ