899d8db86d2b5a17aad8b5278767ef21_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

899d8db86d2b5a17aad8b5278767ef21_JaffaCakes118
Size

977KB
MD5

899d8db86d2b5a17aad8b5278767ef21
SHA1

b98f47f4c2dbf25ce6856d420e6894fedf112a70
SHA256

3e60b4807625b2f926147c777f190f1528a4ddee697e4fa972e63bd1a089e356
SHA512

547253987a92f8e96735324d8cea2d014d62f3042d4d05c64753695cdd30d7b07e5d68e2b188be7ed65cd9dfb644002a3f4903a8ef34e670a03a6ffe45019557
SSDEEP

24576:aNI4KZHE0M0GRhehuClbp46woEHisSHsWO67Vs:aNfKRdGilbp4KEf49PV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
899d8db86d2b5a17aad8b5278767ef21_JaffaCakes118

Files

899d8db86d2b5a17aad8b5278767ef21_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 967KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE