JaffaCakes118_ffc926cda10fd60f0f3af5019846578ee2c805833771712bdc4ea80116e9fccf

General

Target

JaffaCakes118_ffc926cda10fd60f0f3af5019846578ee2c805833771712bdc4ea80116e9fccf
Size

681KB
MD5

89bb23d9e4a853958dea5aa0ada59c71
SHA1

18f753af404071d63bc852a9017228306f28be1e
SHA256

ffc926cda10fd60f0f3af5019846578ee2c805833771712bdc4ea80116e9fccf
SHA512

c745d4f75863b7a332cfd570171a0f6619904c580703f17db3e5b550933ee7c858ac1ad6af29cd515a715776bbc7b00c585c6e51b310971c6bf42cfc6f37272e
SSDEEP

12288:HnGLZQb0utU95voiWEvFBU06yYDe9VDP8RZfYtWQmrarcFJjOKnRdIGo0H:L8oiWENBU0nYD2KZf+W9OIjnfIje

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Documents.tmp

JaffaCakes118_ffc926cda10fd60f0f3af5019846578ee2c805833771712bdc4ea80116e9fccf
.zip

Password: infected
Documents.tmp
.dll regsvr32 windows:6 windows x86 arch:x86

07695c81da8ca3f6eeb7be880986f8b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
WaitForSingleObject
TlsGetValue
CreateFileA
GetProcAddress
LoadLibraryA
GetCurrentThread

Exports

Exports

DllRegisterServer
OksrYecfrtekHnwl
XhdulnpglhjmTztfsowpqv

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ