25daf2c70f5a12dacfee04bfa6be4403_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25daf2c70f5a12dacfee04bfa6be4403_JaffaCakes118
Size

1.1MB
MD5

25daf2c70f5a12dacfee04bfa6be4403
SHA1

f753380b26fe8cbea7405ef0877fc19a1f3ffd23
SHA256

ad1b1fb4dd735a768f1f9e9404ee193d222b67fe99ed9d8371a5640c49c9e7dd
SHA512

86c995c5c85ec189202212cfdc439e6a06eac9083a68924ee2dc652a2dd37a46df19676b2ff6a9ac71c6472da100c1c34f7259a00ea1ca1a52d6e8b0459e3069
SSDEEP

24576:/j88c//////nehq4fi18pjWxVvj1OexZ33L/mcnMOBx+Sxl:rhc//////neh5K18p+NNScnMgxlx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25daf2c70f5a12dacfee04bfa6be4403_JaffaCakes118

Files

25daf2c70f5a12dacfee04bfa6be4403_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
madTraceProcess

Sections

CODE
Size: 791KB - Virtual size: 790KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ