JaffaCakes118_26da6bffe28edb5a50a339e8e66f823b30cb6a6fcfafa699cfed0c3722cff810

General

Target

JaffaCakes118_26da6bffe28edb5a50a339e8e66f823b30cb6a6fcfafa699cfed0c3722cff810
Size

33KB
MD5

96de0ca0e0cb79f92ce594520845154e
SHA1

09345cce5a8d34a0cee30e6e063ae980752241e3
SHA256

26da6bffe28edb5a50a339e8e66f823b30cb6a6fcfafa699cfed0c3722cff810
SHA512

9973d9ae6f77bb785705715ed5c1493c25bcbf3cc3b435ea3490a79bdde571e9341516b830199b64e6735ffeca7f8a94bd3a34381ce822c6011c6d5efa551b69
SSDEEP

768:Wdns885cblHTcDbJB0vsBgaeZHcAEz+LCd8//TKNtSPxQ2ZK4+:M98UgDbJB0kBgaeZHcly+oPB+

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/48878e6ae9aad7bca993b41cfa36351ae853ec3a59683bcb0ed5accf7c595202.exe

JaffaCakes118_26da6bffe28edb5a50a339e8e66f823b30cb6a6fcfafa699cfed0c3722cff810
.zip

Password: infected
48878e6ae9aad7bca993b41cfa36351ae853ec3a59683bcb0ed5accf7c595202.exe
.dll regsvr32 windows:6 windows x64 arch:x64

cfa8dd488fd4044f7dbcc5838881a33c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress

Exports

Exports

?druio@@YAHXZ
?dweby@@YAHXZ
?hoprtw@@YAHXZ
DllRegisterServer
PluginInit

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ