4498e64f02f1363d67063477506e6990_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4498e64f02f1363d67063477506e6990_JaffaCakes118
Size

739KB
MD5

4498e64f02f1363d67063477506e6990
SHA1

d317d922bd7e1b4c4760e25772d69ea0225a3b54
SHA256

d4f33b05057142063318ac8bfbbe810ef0da09454051a6f842097c6d9c6f1fbf
SHA512

13956319798d346e0c69cbd6f8ccf375edab58a8a9338f7727e94226382fb00e07aaa0da60cfe81ced558cfb31c4aaa69f9376398ded6266bf985a63d214dc9c
SSDEEP

12288:B+oFx5y7nAwfZzeNuT7jkpLyMVfFUEqOYio6CqxBgp9YR5Q5U/VBO2tePm:dFDy79FeNuzwRfS7MAuR5QUVUA+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4498e64f02f1363d67063477506e6990_JaffaCakes118

Files

4498e64f02f1363d67063477506e6990_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ