3ab145ea26dfeaa8a20faa7086c71f96_JaffaCakes118 | Triage

Sharing

General

Target

3ab145ea26dfeaa8a20faa7086c71f96_JaffaCakes118
Size

254KB
MD5

3ab145ea26dfeaa8a20faa7086c71f96
SHA1

4c9ad6f5fd06e7cbba0ff21d430f086a3439b07c
SHA256

a0a4d3b7710bb48e07f5a92ca2cfec208304537fd47545a70f792749b11f130e
SHA512

7beee3cc5734a9e74d8722b622f0a40d3df7c6fdc88f78be3ba728e15088fafb424c452cd9415a1e0d6cca03914c910deb825aa723980f49f4b76f46fc1e09fc
SSDEEP

6144:gUwf3gO7PJhR6SaDxROwF7GmHPWJRQjWRvX:glBL65caimOJ0WN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ab145ea26dfeaa8a20faa7086c71f96_JaffaCakes118

Files

3ab145ea26dfeaa8a20faa7086c71f96_JaffaCakes118
.dll regsvr32 windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BwwvhzWxnfyuiuxnwqKmhdeytb
DllRegisterServer
DllUnregisterServer
DxbszmupglprzetJgzzgbjrdjeoi
ResumeServer
StartServer
StartW
StopServer
SuspendServer

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE