40cb5003e216a810fa1f13db89bc9584_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40cb5003e216a810fa1f13db89bc9584_JaffaCakes118
Size

575KB
MD5

40cb5003e216a810fa1f13db89bc9584
SHA1

687721ed70d36509f27759f9f7f109bbde7ffa6b
SHA256

ac0385649ac047fd93898947a753d7e12d7d3423f864644f663630a6d8bf7349
SHA512

05e3f6d0cb3e607e9a5752a0338930dd1c1ec9923897a86f9b8761b319d46806581ee29b97f6d5fccd16a23cdfcbfcbe3c828ef8da6b35cf9eebe167cb6c6ef3
SSDEEP

12288:s+pL5izeFEgRvp2hMb7sStbODiOm/yOsx/T:s+PHXvp2esaaihZs5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40cb5003e216a810fa1f13db89bc9584_JaffaCakes118

Files

40cb5003e216a810fa1f13db89bc9584_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ