0b4f3d934a800ce4a9f83ff8dfb1e0d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b4f3d934a800ce4a9f83ff8dfb1e0d7_JaffaCakes118
Size

53KB
MD5

0b4f3d934a800ce4a9f83ff8dfb1e0d7
SHA1

0d70035b27d51cb1ab8b9fa72c1fcc0217df9eeb
SHA256

e641c8d065c067645dd7c22e972ff28d2fae2ccb0aadeb1bf14b8a73868b778f
SHA512

45da858c3dd762b67e4b1fc55b79d82a66d659d5086400571960448f909786c0c5c0451fad3c7dc6900a5277486b547bb0e14565dd09fe84415bfab82e136074
SSDEEP

1536:NEN+ZLHlwk0qEhlBJlslF79LwaU/6cS5Yn9nxXcs:Py1xXc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b4f3d934a800ce4a9f83ff8dfb1e0d7_JaffaCakes118

Files

0b4f3d934a800ce4a9f83ff8dfb1e0d7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1d38528157b28f380fddfd56bb5f3a0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
MethCallEngine
EVENT_SINK_Invoke
ord516
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord520
ord631
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord606
ord319
ProcCallEngine
ord537
ord644
ord572
ord573
EVENT_SINK2_AddRef
ord685
ord101
ord102
ord103
ord689
ord104
ord610
ord105
ord320
ord321
ord616
ord617
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ