40835901880c10fb25b13c6c464ab3c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40835901880c10fb25b13c6c464ab3c3_JaffaCakes118
Size

128KB
MD5

40835901880c10fb25b13c6c464ab3c3
SHA1

2b2acb2008348d2a4f68cccf928ce7434c031411
SHA256

c4b619c4d89b36737549c1d8a5548dfde614c6ddf47ef6b1b208e62e30b2b119
SHA512

cacfe75e23984601f6663d6e3cfa79759a41f75dad3898783c24869aa10c224a48258e182501fcec42ad6e159a5b01578176ec7cb20022d8223e8d95f605d77d
SSDEEP

1536:RFNlOIUvTKROJDXXwGPnn3R9sPaFKz+LY8:/NlOrcQDXXwGPn8PtzGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40835901880c10fb25b13c6c464ab3c3_JaffaCakes118

Files

40835901880c10fb25b13c6c464ab3c3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

92a899d6e5723cbcd303e4cb817caac5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord520
ord523
ord525
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord606
ord607
ord319
ProcCallEngine
ord537
ord644
ord645
ord648
ord571
ord573
EVENT_SINK2_AddRef
ord101
ord102
ord103
ord104
ord105
ord320
ord321
ord616
ord617

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ