f655bc8ccd0035a7a40c313c1ced5927_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f655bc8ccd0035a7a40c313c1ced5927_JaffaCakes118
Size

540KB
MD5

f655bc8ccd0035a7a40c313c1ced5927
SHA1

d3a6a999f2b5b1651f062cb925fa421466f4d5b7
SHA256

b20107ba77d6558dd450062667e2f90f6290949c6fb047dfddf4c3e892797619
SHA512

5a88a1a643b4156bb6cf4901953134a6e99d29681f2135466b4229f8e8d45ac425c14ca3a1b84f0798bfec2dddd5a29cc6a30f878b0187efde81c333ed495648
SSDEEP

12288:Xs0VXkvBooRdN0FLBA01cEtE7z+F4VESSgUbp+q:XJgbWK0vS7z242S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f655bc8ccd0035a7a40c313c1ced5927_JaffaCakes118

Files

f655bc8ccd0035a7a40c313c1ced5927_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSInstall
NSUninstall

Sections

CODE
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ