3493ce551953669c7fe0ba6399f49914_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3493ce551953669c7fe0ba6399f49914_JaffaCakes118
Size

203KB
MD5

3493ce551953669c7fe0ba6399f49914
SHA1

28e79229c529fae03dcc3b27ff8b8d4cc7b073b7
SHA256

985342b36515e86a75d71316be94e0137e878446dfdb6d103efcf919aab6f802
SHA512

fe1df219f7f0274397bd0f2f44a2f1aeb8eeb4568299fa8e830de7942efc4719d7718869ef60944b4be4c248516a76ea9251c1712f77e02dba13482bb513ffc0
SSDEEP

3072:ZnQecXC4SWyuxqTckdfABhKFewXWjP+33UIulckC7HDhv/Px/OHzp8oL2z8jFMH3:ZQeLHqadfbAwmy3UIEcp3Px/Azp8oLFI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3493ce551953669c7fe0ba6399f49914_JaffaCakes118

Files

3493ce551953669c7fe0ba6399f49914_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 198KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE