de49850d1f3e1e06e417c62f0e0a5d6d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de49850d1f3e1e06e417c62f0e0a5d6d_JaffaCakes118
Size

879KB
MD5

de49850d1f3e1e06e417c62f0e0a5d6d
SHA1

73429fbc7e5a60c6694f7483e569ba9d20a0ea14
SHA256

d7f8b22f12822fa909f320cae7302c84aa55f1f7af859942186750e385b5bf19
SHA512

769f8714752c59c82cfdb801346552e4da55d2f0219b6b207f056eb7ffa69d6885e74152bf0620dddbd48038e06d86ca45e28b7daaf88c1dd4a1935660e7c0ca
SSDEEP

12288:807RCmpbcE0eVINIjOpzPGXCH6jObFazU42p6CZpvb+3BlkWzB/VpA0:8mw+0eVINIipyX9ScUnwG4FVpA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de49850d1f3e1e06e417c62f0e0a5d6d_JaffaCakes118

Files

de49850d1f3e1e06e417c62f0e0a5d6d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 767KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ