704ca8067adc96b256ea89f4c6f9c2a5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

704ca8067adc96b256ea89f4c6f9c2a5_JaffaCakes118
Size

39KB
MD5

704ca8067adc96b256ea89f4c6f9c2a5
SHA1

5dcbd27119d44b8e17743eec7e363b582b320e5d
SHA256

35eac7cdb8a0587605bec2f90c4d5e38fb9a4f75dcc9bf5380c67eabee09d95b
SHA512

c5ce6626ca1e47d1cafff5f5ae3fbfe9cd31661de4288c8335b8dece7d7fc04aa9eb3ab91527f40f7220ffcfefd43c678c1d5b5498e9d0b5ccb3067113d08fe2
SSDEEP

768:L/0HYfogFh7X5aq0vPdz2dcx64KsQG2FD:L/wOPb7XkxvPIWxTQzF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
704ca8067adc96b256ea89f4c6f9c2a5_JaffaCakes118

Files

704ca8067adc96b256ea89f4c6f9c2a5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4a5c7016f8a55183eaacea531147a4be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ