01ad2c8663a56bdc07ea2483e0cdc496_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01ad2c8663a56bdc07ea2483e0cdc496_JaffaCakes118
Size

47KB
MD5

01ad2c8663a56bdc07ea2483e0cdc496
SHA1

11b9e77050360f2daa6cc344e69d8c5ebd33fbb6
SHA256

5820a9d960adedb9b5e893b2bc949d9b4f1b54da042df629e8e7a8590ee9855f
SHA512

d5c54f57bb9910b866127e8c9b5d896703f147d1538d8b6b2387be44b9977e9a5339ac0e581b64dbc0adfe79902a0c0c661f1f11a54595168b965dddcbd2bee8
SSDEEP

768:oSVMqQCVaQkUwjWnoe3jJ1rciO5OpBlWdJYz2w+0e8ybUWjt3xM3JQ4uR:/VMqFVaQbN1rciGOpBlWr6uUWjX6QVR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01ad2c8663a56bdc07ea2483e0cdc496_JaffaCakes118

Files

01ad2c8663a56bdc07ea2483e0cdc496_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOp
MsgHookif

Sections

CODE
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ