6f9427910d1fa24693a35f9b8d1085e0_JaffaCakes118 | Triage

Sharing

General

Target

6f9427910d1fa24693a35f9b8d1085e0_JaffaCakes118
Size

638KB
MD5

6f9427910d1fa24693a35f9b8d1085e0
SHA1

de226daa9630688a1a6d867f59ce504be5d6242f
SHA256

2f59aad9f3d0d415f7798004cee0fc9dae49dd231520446af2b1e15668f1e14a
SHA512

bf0b03c8e018d7def742049fe178040be4e6e1e4204fee1629b50eeccb3fcbfe31d17eb55c6c5cec81774fcb6c5b99f2e619437083a90edd3a3f7238eaddb071
SSDEEP

12288:FOZ6VT9oAzG8pKW5AklN6hdlXRfF8tQGt9/hwp5:UgVJVDpKW5AtHtwQGt9p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f9427910d1fa24693a35f9b8d1085e0_JaffaCakes118

Files

6f9427910d1fa24693a35f9b8d1085e0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ