f0c3a94fc37da7a39a4b361030a1f390_JaffaCakes118 | Triage

Sharing

General

Target

f0c3a94fc37da7a39a4b361030a1f390_JaffaCakes118
Size

85KB
MD5

f0c3a94fc37da7a39a4b361030a1f390
SHA1

4ceb4585ce9723d642c852fdd36b32f190c8ec03
SHA256

10eb5d9050d7db59b7f1f8c40858eecab90339ad6a8614ca16a9783010a7a6b9
SHA512

3c134b473566f743c822ba44dd6486ceb8f10ca48711a7af167cdb100d5c50383882341b4b5656c458def08c196ac24de442164f53dc5c3d7d5b1d1610e685ed
SSDEEP

1536:RdgGsCCEFpUZYfj1saAE6AMAerSpYRBMi8u8XRjvo2HAiSB/d1CSWq6AMAeD:RzsTE2C25E6AMAerSYRqiMBjXvw/d1C7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0c3a94fc37da7a39a4b361030a1f390_JaffaCakes118

Files

f0c3a94fc37da7a39a4b361030a1f390_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE