251c0879508fbcdc12eee9d315381cb8_JaffaCakes118 | Triage

Sharing

General

Target

251c0879508fbcdc12eee9d315381cb8_JaffaCakes118
Size

669KB
MD5

251c0879508fbcdc12eee9d315381cb8
SHA1

b00fba6b42e710fc4e8c199fe27f6293d883f56f
SHA256

2f2ad7d2d291bd6f78e173d0371f53aac20ab901086e4de1a889a43d55d81bce
SHA512

20f52dfb3b2439761f94c6a193358f8d6e24febe1380d8908b6d1ffe4ad293cc6151391c28589376781931c8e7d5869951a1ab3abd2e670ccf838e85b9a9fb69
SSDEEP

12288:rIukUn4HHRaIsGyLmOtEAtk/1+JsHgWl9/XHYmBGpaZDpgL/fO79s:rrkM4nAJDL/yLHgw/XHYmBiaZdgT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
251c0879508fbcdc12eee9d315381cb8_JaffaCakes118

Files

251c0879508fbcdc12eee9d315381cb8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ