9549e208b697a8e9526eba3550aa06e5_JaffaCakes118 | Triage

Sharing

General

Target

9549e208b697a8e9526eba3550aa06e5_JaffaCakes118
Size

215KB
MD5

9549e208b697a8e9526eba3550aa06e5
SHA1

48930e0946a3bce20c99df736b071b21b6ca1d0e
SHA256

5548f7c34ee189e346867177238218a633f0c9400b203cb9c66439c690e230ad
SHA512

30960950d591413d95a34c66d47431c485b5f6cc1aa82a26c87796c70dd56a81477d954e46ff93caf3b8ddaec9b1936279b06af195ffd6c6821fa5e0a24d1587
SSDEEP

3072:lhWvoteitxXzXu6lFgn2OHCB1otCsl1nr3wZusDmrpDfW7IswWdYz5y3v8QE2lKm:lwv0fju0FSbwot1OirmIdWR3v8UYR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9549e208b697a8e9526eba3550aa06e5_JaffaCakes118

Files

9549e208b697a8e9526eba3550aa06e5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitEntry0

Sections

CODE
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ