5d4fc584bdb943eabbeea85138d9568e_JaffaCakes118 | Triage

Sharing

General

Target

5d4fc584bdb943eabbeea85138d9568e_JaffaCakes118
Size

556KB
MD5

5d4fc584bdb943eabbeea85138d9568e
SHA1

d0edc7727201e3274112b988c583adf434cc556f
SHA256

97c56a40410ad316526b85a25d6f9373c3ef113099c1d32aed3a5d552a2da8e9
SHA512

1d587a35447c3bd73c1d6ab9becf4a3e8e44594c9de9b8ac6c6e9af6d215a330ae711a3a4ace308df8bc99f246b6e03dfb1fed74b658f5e768af19aeae2d7e93
SSDEEP

12288:TyA1ZdqVfv/6HftOIA3+00wstpSdCi3TLdvCZ51Syc1OVBwk:X1fqZCHwIr00taCiHt0HS/O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d4fc584bdb943eabbeea85138d9568e_JaffaCakes118

Files

5d4fc584bdb943eabbeea85138d9568e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 485KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ