659317ebe3f8b35dc4a59267b3bc5dde_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

659317ebe3f8b35dc4a59267b3bc5dde_JaffaCakes118
Size

407KB
MD5

659317ebe3f8b35dc4a59267b3bc5dde
SHA1

fb7329cd343c038d65ef7ffe96d8e2a61d682c33
SHA256

644c0dfb18103b1642591b470ed6fee6aa9dcb5679f6df396e78093c3e859fc4
SHA512

f5e08dfecdd73c68d7e310b14dc95b8a4a009d931f77875557d596a8e2f2c3deb036052cfae51064a2f2e679164b9d4b52149a66e17ef63c28e0b4976d23a4b9
SSDEEP

12288:l8wlxNenZcFFM5IqnRyzVgz7qYgdD+7wJOQTrB3YRxsl:l8WbFkIiEzKz7qY87VTrBgx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
659317ebe3f8b35dc4a59267b3bc5dde_JaffaCakes118

Files

659317ebe3f8b35dc4a59267b3bc5dde_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

aadf5c8667fe05f652d8f2e502e2b9d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetModuleHandleA
GetProcAddress

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ