ce9966aa971f3bd79a8bf1c492132e92_JaffaCakes118 | Triage

Sharing

General

Target

ce9966aa971f3bd79a8bf1c492132e92_JaffaCakes118
Size

17KB
MD5

ce9966aa971f3bd79a8bf1c492132e92
SHA1

f57b33b804aa87bf4e1378fa8ffeee85349893ca
SHA256

20e22eb609fa07ce93d4f8743e560f96036ddc5759f368057eea5a733e598156
SHA512

3d182f40b5e5986078f3ca05721ae555cadc2a895072d997fef58a9efcb40d93855255becc37301ef130094a4610636ddc1d162dc22c8c8b6fd92b6b46fe30e6
SSDEEP

384:eRh/rp+6Yf0+NKPXa4gAa8x4CC6xDI/UqcdPktmOZFC:ejE3/AX/D5RPkHj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce9966aa971f3bd79a8bf1c492132e92_JaffaCakes118

Files

ce9966aa971f3bd79a8bf1c492132e92_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fa0236ba592886629c15df5d40ad8e0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

urlmon

URLDownloadToFileA

msvcrt

wcslen

user32

wvsprintfA

oleaut32

SafeArrayAccessData

atl

ord31

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.rdata
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE