64869713ba63fbe3b52070e19e0cc315_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64869713ba63fbe3b52070e19e0cc315_JaffaCakes118
Size

607KB
MD5

64869713ba63fbe3b52070e19e0cc315
SHA1

dec14a464589ff3319df8bc8a9ab53f5e7617331
SHA256

43f79e13e89b88cbe4d5a2a61f19e93eb9dadd8d53da2dfc4595fec710b39f87
SHA512

95d992da28a22398aab02f54fcefa9a7073bc56467239d2b91e5d3a8f5ee279bf54f67ead9f8f3710dc9c6007ee7af2c97584ea7e2361cf966d741fd1c2e2d38
SSDEEP

12288:JpIt9HX65cspWkY5DARyLuaIg3QaoYrxlw6Epo/:JetFXsoB7LGnaoYrxlw6Epo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64869713ba63fbe3b52070e19e0cc315_JaffaCakes118

Files

64869713ba63fbe3b52070e19e0cc315_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ