97617722cf3446a32d338ad14a29d9b2_JaffaCakes118 | Triage

Sharing

General

Target

97617722cf3446a32d338ad14a29d9b2_JaffaCakes118
Size

2.3MB
MD5

97617722cf3446a32d338ad14a29d9b2
SHA1

ffe99e4ff047c25547b6684116e57f6ce4668881
SHA256

5834f989be01d7a4e3270d1d3763f2aa321058950b44241bc351d72952e9c530
SHA512

729bfe77e71f05526784a64ee095938539f125c280478db02f7837a25b5595cd5f94fce45c638d94316123cb156579006a924e8ac7df058c06f791b3565cbcb9
SSDEEP

49152:Y9zsGwJ5SK3AGMhJt2bKc4wYRhp26hbKD0QbtoyRt7+F:Y9snvSK3TMhJOKyYRe0QJo4KF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97617722cf3446a32d338ad14a29d9b2_JaffaCakes118

Files

97617722cf3446a32d338ad14a29d9b2_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

976e26153195bfd5951324f53b23b87e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
ExitProcess
GetModuleFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
start

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ