6978fb45c04d39570ed780a6207510a0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6978fb45c04d39570ed780a6207510a0_JaffaCakes118
Size

40KB
MD5

6978fb45c04d39570ed780a6207510a0
SHA1

6f252767ee9decd5ddf75d0b102bf02e5d855767
SHA256

b290dc27e812ab5920a98cc51e07b259edad38f6601b20c72ada3c7136d26cf6
SHA512

a965f401293cc010eb2aeca8a14259fe43465f6309800070724ed6e0df4313b991941f7a5a3d79ae3ba797e1adf16ec361b742b59b69626e4011099f1fc56c3c
SSDEEP

384:uwEepxVAYgY+9naWHBBcgAvwqzDgB+2Sj8YJX7HQa113:+AxVAzt9naWHH0BzDgBdSjBJX7V1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6978fb45c04d39570ed780a6207510a0_JaffaCakes118

Files

6978fb45c04d39570ed780a6207510a0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e7b0f1ca9512c70cbd8ca9dad55c8946

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord520
ord523
ord525
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord607
ord319
ProcCallEngine
ord537
ord644
ord645
ord648
ord571
ord573
EVENT_SINK2_AddRef
ord101
ord102
ord103
ord104
ord105
ord320
ord321
ord616
ord617

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ