41c6cd4aa97122d347e9b18e9bc09db2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41c6cd4aa97122d347e9b18e9bc09db2_JaffaCakes118
Size

794KB
MD5

41c6cd4aa97122d347e9b18e9bc09db2
SHA1

7a24f573a5ed90edb43462343c5ad929611e6f4d
SHA256

7d782fb1a87fbb5faf8a005f49a8108f974b3c0b8260a4d817893ea7d159f032
SHA512

b4ba1c1f9e1ee91beb906f76d28d4ef5844a45a52ee7368b20332bae184fd4be42dcf2f75598a517484ecf4625577c90a0272ab6ee66e275c4a036167eff41e7
SSDEEP

12288:atv0EYFWSCJZu51oBcvZHR1LL+Z6biLUWJy1BWcQyHCqmoRINzsp1wo5e6of1cU:OMEvSwsZBR5+UiLTiExoRIqp1G6FU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41c6cd4aa97122d347e9b18e9bc09db2_JaffaCakes118

Files

41c6cd4aa97122d347e9b18e9bc09db2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ