42c703e6edf9219e3664d4793d90d585_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42c703e6edf9219e3664d4793d90d585_JaffaCakes118
Size

620KB
MD5

42c703e6edf9219e3664d4793d90d585
SHA1

7d9eec74e999148e59d74bc447fa9cac0d917196
SHA256

b32b8f77bb87cf639bc0c2a59ba8ecf8efd47e95c0e90e2a703db7920aa25ca3
SHA512

563d85d9133ac4d028073407e201a6d4ca09011b395cf25b65a3fc8ba263a3b66f97180b0ee9a8a5c3e5267d1a0e3393bbc030d96f1fc3fc823660ef70862d39
SSDEEP

12288:TDwP/V7AnKd58GfOcrruYsPoZvgKX2lLKXN:TDq95dCGlXuWgcmU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42c703e6edf9219e3664d4793d90d585_JaffaCakes118

Files

42c703e6edf9219e3664d4793d90d585_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ