d2868e38fef0a30876cc96e15aab8c91_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2868e38fef0a30876cc96e15aab8c91_JaffaCakes118
Size

735KB
MD5

d2868e38fef0a30876cc96e15aab8c91
SHA1

018f1fb6e62d39ca579719bbb12a2cddb421b614
SHA256

49409e953211a9855f5fd995dd298ec9429be54dd7417dbf3baeb8acd9cf7f77
SHA512

1c85b08b3b4a241b9eb13e4a59d4fe65e428c56249ad3142af47c378b73750233d800fe448f2362f307347ff4ead243d771cddd4f749f39ed946577015b75b46
SSDEEP

12288:/G6lx1NmnAQfhzVqoLTrUdSiMAR96N3C+AsHW7o8Fe+U8o3LNwv9VYK/fO79s:Bl3Na9tVqo7t8R96hHAte8o3RsVp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2868e38fef0a30876cc96e15aab8c91_JaffaCakes118

Files

d2868e38fef0a30876cc96e15aab8c91_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ