47d223aadbd3c0e5fc5138bd14516564_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47d223aadbd3c0e5fc5138bd14516564_JaffaCakes118
Size

852KB
MD5

47d223aadbd3c0e5fc5138bd14516564
SHA1

f7dfbc8c7b2a03149ed3bbfeec4c8e6042150a98
SHA256

9fe61681b96bbd453f664468577bf57db19bab28411b0459e512261f3ffe049d
SHA512

cd3f27382bead1624872581f3ba0359ec7c43dc4ef99198e2081d54c657bb47b51a05ff73d31f48390c0e3c159f191565ecaa806f24f1720b5ca6e5095c7d181
SSDEEP

12288:ytv1W0IFGiS5JeprW70QxcPJHRFLL+p6r0k2JC1RW8QvHCqmoRIiuv53o6o80jLx:GM0PiQ85xRJ+U0Dy0WoRIiuvW6cl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47d223aadbd3c0e5fc5138bd14516564_JaffaCakes118

Files

47d223aadbd3c0e5fc5138bd14516564_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 574KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ