e1171821ee7abe3d0e229fa39f3fc432_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1171821ee7abe3d0e229fa39f3fc432_JaffaCakes118
Size

33KB
MD5

e1171821ee7abe3d0e229fa39f3fc432
SHA1

f58890251a9b84819c4462d6af2bddb256ee8772
SHA256

4904a1d040a26b72eb182987b07e601de65d4307450e6596c9757c4786302a7c
SHA512

4f879c516230e7133e5bc38e09d9edcc32a1daaefe645b8b36a7ff5f74f3ce88832cfb102b323b5e5b5871c890a570f8df86f908c44c28e10896919d0dc99447
SSDEEP

768:s8VuS48/gJx0Krui8PwaF7ZYBJ9wjQEf74C7DQ:sJNb0cuZ7Zq+xfA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1171821ee7abe3d0e229fa39f3fc432_JaffaCakes118

Files

e1171821ee7abe3d0e229fa39f3fc432_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

311dad2659bb510fcb0432c795b9980b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvbvm60

ord588

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.MPRESS1
Size: 26KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE