038fa9b1a072cf372c29464e19873a38_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

038fa9b1a072cf372c29464e19873a38_JaffaCakes118
Size

35KB
MD5

038fa9b1a072cf372c29464e19873a38
SHA1

f0bb03d4be8dfe021f38a5766fa781bc02e1b0bc
SHA256

872acbaed8e0499e9fa9a6a19be4c7fcbdda89460c59583986bb4ef4b5db6502
SHA512

64132bdec9df6191520b1bf5b2a95db5617bf5e29007c2ba6e1be78c9cb93b1f2d16cad9dfe12b2e53827287b0e7f8aa6e686d2b9bda86cc60ba023d91a7f3dc
SSDEEP

768:0oiSqZOIQevmCLvBFH7Z0H09lRUY6kddWgMyc3H9:0vSqZpQizzd0H09p6ykyS9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
038fa9b1a072cf372c29464e19873a38_JaffaCakes118

Files

038fa9b1a072cf372c29464e19873a38_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOff
MsgHookOn

Sections

CODE
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ