16070354c340ffbaf4c26111064b0e86_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16070354c340ffbaf4c26111064b0e86_JaffaCakes118
Size

52KB
MD5

16070354c340ffbaf4c26111064b0e86
SHA1

9e84ab1df613ad37a24a3fa5f2af66e9903503f4
SHA256

f4ba33c3298ffa34f984ccc3b517a26ce914bb94b96fde97844f28bbe6f4446c
SHA512

d3d9d41304899dcca2fe0536190ae18dc088fffc8a48180650263a5aa33c596705ee53554e4998355a23b98ad330554df9be520c21fcdc37eaa859506b8fd74c
SSDEEP

768:wAbmfJjaDUNytK+I/QZEtMC0NQENFHOPlz7v8R1oDc5HV0KvnFzFFVe0:pcJjm3gR7v21oDc1mQnN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16070354c340ffbaf4c26111064b0e86_JaffaCakes118

Files

16070354c340ffbaf4c26111064b0e86_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

73b05eed929a283db205fc21daa079bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

msvbvm60

ord693
MethCallEngine
ord301
ord307
ord522
ord631
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ProcCallEngine
ord537
ord644
ord685
ord101
ord102
ord103
ord104
ord105

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ