395ac7f0570496d7386546740c520f68_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

395ac7f0570496d7386546740c520f68_JaffaCakes118
Size

1.1MB
MD5

395ac7f0570496d7386546740c520f68
SHA1

df1fb112b3978d2fd7377caba16f9a8a05923c21
SHA256

7fd78ac43e3da844bc763e1a1a3962f43040fd623b8a8fd5c8b60f847c9eac23
SHA512

755cf555cb73f356f7546690de2bb3943d3fdb25fe448fe51ed1d3718c974b429c5713505991551e9263ec2f2f6c57bf1e0c9783476716eb131519acf4cdde6a
SSDEEP

24576:DTM8c//////32RaYPiVMhSGgCVfTFuMHX7vhob9tB+SWl:nRc//////32RpaVMhHTlIzBlW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
395ac7f0570496d7386546740c520f68_JaffaCakes118

Files

395ac7f0570496d7386546740c520f68_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
madTraceProcess

Sections

CODE
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ