13362e3682be5d28d2b4245b933d7cfe_JaffaCakes118 | Triage

Sharing

General

Target

13362e3682be5d28d2b4245b933d7cfe_JaffaCakes118
Size

239KB
MD5

13362e3682be5d28d2b4245b933d7cfe
SHA1

e61511a4897c684436ff87a23da8a73ab782574e
SHA256

3331b44971d3e258dd09547bcb3f012694dd78e2f88553601ccabd8d779172b1
SHA512

15ad1d1cdb5359ad3826e1afc324567879e0843db1fa7094c8a96a9ad7143f2647e0c78dff028a69bd8bd8fa8de820488173cbe1810bad7ce5501b0800621983
SSDEEP

6144:1RlRUtrf4RRT+awNqpKohpb7EUwtqvgGT24s3AVLAaWMCV4jPzxHQu:1nGFuRW0NVQtOgFFWWMfjLdQu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13362e3682be5d28d2b4245b933d7cfe_JaffaCakes118

Files

13362e3682be5d28d2b4245b933d7cfe_JaffaCakes118
.dll regsvr32 windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllRegisterServer
DllUnregisterServer
EhvwwyqzzLvcghzzjzncdpn
NcqvrxpjFaqpogvdYvcpigrgbg
ResumeServer
StartServer
StartW
StopServer
SuspendServer

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 691B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE