d4b9e9d0df5438888a03d14c44e4ba41_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4b9e9d0df5438888a03d14c44e4ba41_JaffaCakes118
Size

596KB
MD5

d4b9e9d0df5438888a03d14c44e4ba41
SHA1

6b4ab692578e7c2c4f22e29884f45d9a4ba2bb6f
SHA256

d584daf6d0fa13a84200c6237fc3cd8341cf60820c34f1c8a14896562286af18
SHA512

60d19655f8ffcab88cfcdd1b59ec1a78fb62088db7e7919e7ed6f7a0dcb1688ebf2b0d16030f67aa21486cea610bb9e8590287b09266ffc6841fd7191e32018a
SSDEEP

12288:4sukklWIbKdQRJbQlbqWya5cs3NQqGhv1dG6ak6ltv:4vkSWh+OlPya59QqGvdGRkM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4b9e9d0df5438888a03d14c44e4ba41_JaffaCakes118

Files

d4b9e9d0df5438888a03d14c44e4ba41_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ