3236b0549d4b960ca0780b84c528cc40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3236b0549d4b960ca0780b84c528cc40_JaffaCakes118
Size

560KB
MD5

3236b0549d4b960ca0780b84c528cc40
SHA1

955fc5fb6fd2f74cc42de54a119820e22ffd9e03
SHA256

15928b32cecad4407786d78e952d4346421b17c4e48c38bf7f3aa589a374c178
SHA512

78b5d340194198d0b1461edf7f704bf57c2c917731b62ed473f2d9d9e2eb18037baec8711df34509c5b47132cfbc326e50bfd706cc4f62943dae785c6ca6c870
SSDEEP

12288:CgUV94y09yxH1az44i2JiU5VVNIUOZH5by2d3nr/AG:+VGy0E04wskIZHME3nro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3236b0549d4b960ca0780b84c528cc40_JaffaCakes118

Files

3236b0549d4b960ca0780b84c528cc40_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ