458aa6e75f70984e2c2384c93abc7be8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

458aa6e75f70984e2c2384c93abc7be8_JaffaCakes118
Size

1.1MB
MD5

458aa6e75f70984e2c2384c93abc7be8
SHA1

a5e812a35e359b53f27dbc943d4a2a1c7c5ce906
SHA256

b9e2ee7c62c0e991ecc7405f591b47a34bfd5eb70974d49e5abec17707a0a4d7
SHA512

746c6be404a9bb8a9ea4cb76db0da135a32d3d98d7a0a5de2707fa31f44c8c8f05aaaaef3aae036535cf16858f0eda3e7b35e5478b8cc14cd56b68c9c9b87e34
SSDEEP

24576:Jj88c//////nehq4fi18pjWxVvj1OexZ33L/mcGr8oABx+SCl:Fhc//////neh5K18p+NNScE6xlC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
458aa6e75f70984e2c2384c93abc7be8_JaffaCakes118

Files

458aa6e75f70984e2c2384c93abc7be8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
madTraceProcess

Sections

CODE
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ