00b649ebeeb7e469f0dbb9a34b14e37d_JaffaCakes118 | Triage

Sharing

General

Target

00b649ebeeb7e469f0dbb9a34b14e37d_JaffaCakes118
Size

90KB
MD5

00b649ebeeb7e469f0dbb9a34b14e37d
SHA1

dc3ca9687b6019ca62d5610f244e61c9cb8c6b4f
SHA256

97c12283f1554e093c58435205daa6a93dcee453b9ab04435de0d09907e8660b
SHA512

cbeaab03d825bf1f93d2b6d207c99684217bfa6767666c736b8f3804f2a22e0f1a4cfad0966c5b51cbf267ff1b6a11b86eb9e516ca5d1af78d0deda4534b03db
SSDEEP

1536:2RmJVtML45cbDLcB4n/XefYGXtmCePuqrbtVwbSgr:XVtTCb0qfEjePuCkSgr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00b649ebeeb7e469f0dbb9a34b14e37d_JaffaCakes118

Files

00b649ebeeb7e469f0dbb9a34b14e37d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

mc
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

h
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9txs
Size: 4KB - Virtual size: 739B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE