047aa69d0c103c64d687ef3af87a0d7c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

047aa69d0c103c64d687ef3af87a0d7c_JaffaCakes118
Size

42KB
MD5

047aa69d0c103c64d687ef3af87a0d7c
SHA1

520b246444d448273f1eb73b15dfd9694e1ba751
SHA256

b33e1b456570800063ac503f86d8988cb61931a0d74ec1a708fa0cbc0142d5f3
SHA512

2c01e3c85ed975d68ebe77895858405389b66b0303208ad28e5cf74cb079e83c7ad0ac00f388951c96860243f5bdcaa53a64a3bf77ff7072bce7b49490e5ceb4
SSDEEP

768:ZCaqxQsbmSkTyyo1+U4XIRU8eoqBK8YaWdfYDxtgSSEZpEQ:AaqxQZSryo1+ULR4KRaIYj6EZyQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
047aa69d0c103c64d687ef3af87a0d7c_JaffaCakes118

Files

047aa69d0c103c64d687ef3af87a0d7c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ