386ba5959bc01cf7706aaaccfadc49a0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

386ba5959bc01cf7706aaaccfadc49a0_JaffaCakes118
Size

599KB
MD5

386ba5959bc01cf7706aaaccfadc49a0
SHA1

aec8ea4d5450ac0ec1e53e1597d25b7b9cfe2dc4
SHA256

bc529e73cf35fc599a729a0b60ddba7885c4f9096b2e588e28a5aca898167faa
SHA512

9bee2687af40d4bd0eb8c53b201003c2c70ded1c5981258ff8136a9bd59467ed059700c03b818f9d5aadf1568b049232cd8d564cc290cd7f645b0c0d5e10f68d
SSDEEP

12288:9viGqB8vFJySCXSs9/NAolnnMATPxhOLgVzyDZbBkt:96Gw8Ty3XXplnjlhOLgVuDZV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
386ba5959bc01cf7706aaaccfadc49a0_JaffaCakes118

Files

386ba5959bc01cf7706aaaccfadc49a0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ