f01b986064adc1fe02d44cf3bf513452_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f01b986064adc1fe02d44cf3bf513452_JaffaCakes118
Size

470KB
MD5

f01b986064adc1fe02d44cf3bf513452
SHA1

125354e88f6bcea92676b35e19b70030bd5875b0
SHA256

1b50caccc7ffedefa6dc63e419192bce8aa4cf4835b75dcce60674cee1a85232
SHA512

13a219a447592389d80bd669b522f0704ecfb867535d034fe130d9c09ff5cdb4019bd88b4b2cfcb50a17d8d3d606b0313938ba46584e9778ba7a0d679213d6ce
SSDEEP

12288:UANpJmKkUU94Gy+NRaJ6y8sp/W+LXgEYH/MjJ+QTrFB:UA9kUDmyPp9LXgV/YRTr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f01b986064adc1fe02d44cf3bf513452_JaffaCakes118

Files

f01b986064adc1fe02d44cf3bf513452_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

aadf5c8667fe05f652d8f2e502e2b9d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetModuleHandleA
GetProcAddress

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ