0ce77db761301fc83351b00e220f923b_JaffaCakes118 | Triage

Sharing

General

Target

0ce77db761301fc83351b00e220f923b_JaffaCakes118
Size

169KB
MD5

0ce77db761301fc83351b00e220f923b
SHA1

b876aa10a2145fd41de3ecea347ef850b379bbd3
SHA256

f33d97650ba262901ec2bc25ebb2f33a8e634370accccfbd9d0d80bd673b7870
SHA512

e32c4583600533081b578dc7cc96b52f9e145d53ffdf743df548595e3de571045c23366fbc48fd07787896c7ee896f4d3de830b68e1996f8a50f92337656392b
SSDEEP

3072:cCDv4z7W0ZotWQ5OS7pHfxdT+R+W+qJGUE3Zooqk5rkzWycZ289gb8y1jKKxQVlE:QVpQNRbTF4GUEWoX5YqLEmgb8vKWlaOc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ce77db761301fc83351b00e220f923b_JaffaCakes118

Files

0ce77db761301fc83351b00e220f923b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0cbf970c7b2931021b41a9689023109b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvbvm60

EVENT_SINK_GetIDsOfNames

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 161KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE