28f3a9d95a04525879a6f8dbaa868180_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28f3a9d95a04525879a6f8dbaa868180_JaffaCakes118
Size

61KB
MD5

28f3a9d95a04525879a6f8dbaa868180
SHA1

cc63a3f63088f4ab2589deefd385e7a9c3f8ff37
SHA256

4f14d12319bd50f6ecb84882d83e8fd605f4b781d54b39d3ae5c59fcbf3fd39f
SHA512

872f475b9cab8e7e79432ffa8e3b064b8d6870ad5e1dc6c77101147ccc8d89c8c5367a212766a6a4b91e1b788a9fb92590423817b545b2890a4b620317b3cb09
SSDEEP

1536:MiFJFHN5mrsIizAPM0KjbEeV/rvRk16NlTekE:MiF3HszHYPDvRLfY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f3a9d95a04525879a6f8dbaa868180_JaffaCakes118

Files

28f3a9d95a04525879a6f8dbaa868180_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5c0268f811816f0d3cf30cd1f5b3b765

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

LoadTypeLibEx

msvbvm60

__vbaVarSub

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE