dc4e3915bf391a50d42e592d62b0d9c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc4e3915bf391a50d42e592d62b0d9c9_JaffaCakes118
Size

636KB
MD5

dc4e3915bf391a50d42e592d62b0d9c9
SHA1

9fe8f6579a2e35a4ffa3a2650d86666a0b8dfddb
SHA256

10ad0e46cb44c3b9bca4f20a53737952b1bf6511dbed8a76f60ca978c90b8153
SHA512

5e1e4a9330a908282ac4bad66b6116d32514f15313abb37b2b6baba25f23cc56b599f2137ee4090e2bedab9b689a3322bf70188a5e7c7f8909bba3bfd0728a64
SSDEEP

12288:sM0t9FNcxDMmfrLAF8rZIRf2MmsX4e6AQ8eaeiRh5/fO79s:8tjNcXnVInv4e3PeaeGhR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc4e3915bf391a50d42e592d62b0d9c9_JaffaCakes118

Files

dc4e3915bf391a50d42e592d62b0d9c9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ