06244fac3982947544941deb0a32c6d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06244fac3982947544941deb0a32c6d2_JaffaCakes118
Size

31KB
MD5

06244fac3982947544941deb0a32c6d2
SHA1

5f454d4a4d5cdad1466e30b4fe432487f944ca48
SHA256

ddff6be3893dbd24677acd3694f82fb7e65c20050583cb3561905ded1601c852
SHA512

39f90424a365470b9a0e5233378b66b9fee6f846bd517c4c8479577ac999f2b8761ef057ae911077363cbc56b6bd298b903ea406b5523667069028ed8ee51764
SSDEEP

384:7xZEONCQqezQVszub9JlgIlrJbjR3xylBqn7QIyHtxmNsJ/IUzBTrlxJZW8mcW3:UONtqe0Vszq6IlZjR3NUIyN+30BTrUB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06244fac3982947544941deb0a32c6d2_JaffaCakes118

Files

06244fac3982947544941deb0a32c6d2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOff
MsgHookOn

Sections

CODE
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ