730314ff415401fd2476666b1aeb6073_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

730314ff415401fd2476666b1aeb6073_JaffaCakes118
Size

24KB
MD5

730314ff415401fd2476666b1aeb6073
SHA1

b9697be9129240e77f3f33c37b4246d57ff649cb
SHA256

31e64996fd2d06ababd930c0942cd6794bc4bf1effae3f6f517ae62648eb229d
SHA512

293e647afdf501cd1f34ccddbdc684755d209d390ab497787e69d1f1e120e0af43d997b150e51a526550fbaf604d83fdeac1299c9be4aa706418d915cf70a609
SSDEEP

192:hbsPRXiVDFJkaAa11RllERhIAU8dMdWLOaxbj9IXAVmHBd:dsPRyppPHBER79pRxbj9IgmHB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
730314ff415401fd2476666b1aeb6073_JaffaCakes118

Files

730314ff415401fd2476666b1aeb6073_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

99ff53beb4f65d306915ca63d9543c40

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

MethCallEngine
ord665
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord644
ord101
ord102
ord103
ord104
ord105

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ