04f09c52641a1d4afff418aecdeed84a_JaffaCakes118 | Triage

Sharing

General

Target

04f09c52641a1d4afff418aecdeed84a_JaffaCakes118
Size

46KB
MD5

04f09c52641a1d4afff418aecdeed84a
SHA1

ff011a08be9194ba053c19b594696b88255b85e1
SHA256

d2818972de3d08ca92f3f20d8ce16680914d276056318d9ff37c5b978a3586f3
SHA512

bc04209a3e96505da0f2fef0bbc4ff81c06021f86b92c7d912976c3a6759acbb96a2fb747db52c8bd8d3223315eb7ff755075f3ac96186e7f250cd3d35f5a5bb
SSDEEP

768:lSQMqQCpiQoMxKbw+PBiO5OpBlTJ9SpilxlHofsfrxMa/qlPFU:kQMqFpiQm1piGOpBlTJzD1OlNU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04f09c52641a1d4afff418aecdeed84a_JaffaCakes118

Files

04f09c52641a1d4afff418aecdeed84a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOf
MsgHookOn

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ