f1d550b92f29bef89ffa30b0bddfaa63_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1d550b92f29bef89ffa30b0bddfaa63_JaffaCakes118
Size

140KB
MD5

f1d550b92f29bef89ffa30b0bddfaa63
SHA1

0218388285196cbab55d9d269296cb410efc5140
SHA256

3acea087fcdc302f947e6a1d0b79a09fa57824a14c2793643b61f10130acdeb4
SHA512

144f57108f383ff4116d90e65ce6dea9063c80d515c1af7107d0e73691ec082b65ded133d852a1fb26cf90a49f525fa2b9c325b6a5e59cf7f63bdc78496d2b85
SSDEEP

1536:kQUXEbmcwV9ElJqTbU0RXwCtSRPF0h8k79Pl5E0HW6jGe+xv:kQwmmcy9gJqLRtSRPFidkik

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1d550b92f29bef89ffa30b0bddfaa63_JaffaCakes118

Files

f1d550b92f29bef89ffa30b0bddfaa63_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

fn
Size: 512B - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

s4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE