779912e48d787bb7e4198c59d1d4735b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

779912e48d787bb7e4198c59d1d4735b_JaffaCakes118
Size

44KB
MD5

779912e48d787bb7e4198c59d1d4735b
SHA1

059c698581fb677c1e2576a692fd39ac7983835f
SHA256

2c289431fc8e75eeed6ecc7cf0fe7c8123820db5a61845fd55e890c2a3c5f3cb
SHA512

a2a85f06a5adb25d178089ed9b5939cbca95041e154f66d2c0a34d7e2c51be8c77f6365902a4c8255d7520c71b51a46591403ce936dc6a9f3875e5ba30eaf79d
SSDEEP

384:kzlMj7OwX1Rtlci4wmmdmcmi2k2dVQidZGPDPONSu1aM/ECIsgvHBquhwrArgOj9:VZPd2kgVQiePDGguMMKvIuhwigjK/5J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
779912e48d787bb7e4198c59d1d4735b_JaffaCakes118

Files

779912e48d787bb7e4198c59d1d4735b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

adb37c59b730344827a3d027d1e9b8fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

MethCallEngine
ord516
ord518
ord660
ord666
EVENT_SINK2_Release
ord593
ord594
ord303
ord520
ord309
ord631
ord632
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord607
ord608
ord609
ord531
ord717
ProcCallEngine
ord536
ord537
ord644
ord571
EVENT_SINK2_AddRef
ord576
ord578
ord685
ord101
ord102
ord103
ord104
ord105
ord611
ord616
ord617
ord618
ord619
ord580

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ