ce161d6ac4ae53e8ba6f9462af51e98c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce161d6ac4ae53e8ba6f9462af51e98c_JaffaCakes118
Size

609KB
MD5

ce161d6ac4ae53e8ba6f9462af51e98c
SHA1

2d5a31033fa153a5525a36ac46cb7bc1976009b3
SHA256

411d0d362c36c4f8ed78a9a6a4055d35e78545c282dd890911724da33844af98
SHA512

ae5d89f4df1566e23c7fec4ad15d6bd517233aa5fcf1302e63ad939fad9fb950a4f0b62ae25aa9f257f9d1d4245394782cb08369e1b68601602d1a7a00117b35
SSDEEP

12288:kVYysM5Ic4nrmfCovMbgPNeLzCR7PH2qiFMfy5Kb1mbY:kKy35I4zpPszCRqj4QKbo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce161d6ac4ae53e8ba6f9462af51e98c_JaffaCakes118

Files

ce161d6ac4ae53e8ba6f9462af51e98c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ