f91838b10e8a299793932cbb59ff9498_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f91838b10e8a299793932cbb59ff9498_JaffaCakes118
Size

69KB
MD5

f91838b10e8a299793932cbb59ff9498
SHA1

dc6f418e686129d6c1564c04db7e7f0a9c06e53b
SHA256

75d9ae4360e5b7b61679823d8ea0546cdabadf6e39ae99c445f9b58d73107668
SHA512

76558ce45bfb8a2361bc83cd8175a5c50d5db3606b82769814754e827b7e5393d1e52906b9fa03971569a7842a2973155f11f49bdff7c759e5c338295eb082d1
SSDEEP

1536:BmpUFJInjl65X4zzGXqyh4zEpL3nSczqCCp7mD+H:Bmpnpg4zzGXqyIWnFmCCp70

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f91838b10e8a299793932cbb59ff9498_JaffaCakes118

Files

f91838b10e8a299793932cbb59ff9498_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

packerBY
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bero^fr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE