ba258b6eec8b85d76dc59a635ef69fcb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba258b6eec8b85d76dc59a635ef69fcb_JaffaCakes118
Size

1.1MB
MD5

ba258b6eec8b85d76dc59a635ef69fcb
SHA1

a640c2c4e5fa3da0659ebaa1218680c375462208
SHA256

c17027bf8c55d88904cb24493cf02dd6f4c35eccf317037a3a701691ba25742f
SHA512

eef5ce4310f9c1f4665389e970c7e662338cc1e7cddfe2e2df1f61bfdd2fec7ca559851453e6d74d913b75c0ca0a078dd4acf4d5d9b58e3407cc15b87db3bc32
SSDEEP

24576:oICc//////+SKMWBMH+UK5sSrfNgCx0BsnBJQrNTHv0l:cc//////+SKMWmeUKiTKWdHv0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba258b6eec8b85d76dc59a635ef69fcb_JaffaCakes118

Files

ba258b6eec8b85d76dc59a635ef69fcb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
madTraceProcess

Sections

CODE
Size: 796KB - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ