83718667f53c1631215de896772dcdc0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83718667f53c1631215de896772dcdc0_JaffaCakes118
Size

325KB
MD5

83718667f53c1631215de896772dcdc0
SHA1

f3670ef9557881902386cd1ab16a4bc213a1ffe3
SHA256

d2a394a71fcd74365262b383a0eabc6d26f7a0fcab52f052b86635fd0ebafda7
SHA512

93d16ce93eb99d9d1174394b990a4188c47d96677c0b571e94dcd22b18d591647140569dab8f5bac7578c463bc87d31a3472337b2f6db430f373a74f78e25aea
SSDEEP

6144:Ndq+U7HLfn9nXvhuBGeRLju2N4EZuTKGMjD7bZC82LPM:Dq+ULL/B47Zu2N9uTpmDfZ52z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83718667f53c1631215de896772dcdc0_JaffaCakes118

Files

83718667f53c1631215de896772dcdc0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1c372311534116eeffdf56f3f6c69c5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
ExitProcess
GetProcAddress

user32

wsprintfA
MessageBoxA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 264KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DAStub
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nPack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE