24474b75922f29121ef15607457be4d9_JaffaCakes118 | Triage

Sharing

General

Target

24474b75922f29121ef15607457be4d9_JaffaCakes118
Size

2.3MB
MD5

24474b75922f29121ef15607457be4d9
SHA1

93abef9ac690725c17d81762c175d6ddfd77a345
SHA256

7a634bec8fe4735ca5add904adb83b001325f7ea4a3b7db55b9e9ddfbc626266
SHA512

8e5d6f16a9dde19fe15202af97d59ab4fccdd618a2f017e555f45f4b35ddcad96b8506da55cf46a72f53c697b2859f5e07a83680a3f60e2e35996af55d1a4764
SSDEEP

49152:zqcpWggwJ5SK3AGMhJt2bKc4wYRhp26hbKD0QbtoyRt7uF:ecEgxvSK3TMhJOKyYRe0QJo4yF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24474b75922f29121ef15607457be4d9_JaffaCakes118

Files

24474b75922f29121ef15607457be4d9_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

a7bb8da65072c8069e74949d1cc3256e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
VirtualAlloc
LoadLibraryA
ExitProcess
GetModuleFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
start

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ