069b3249b3667609a2057259dadc4308_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

069b3249b3667609a2057259dadc4308_JaffaCakes118
Size

30KB
MD5

069b3249b3667609a2057259dadc4308
SHA1

f076a72b2b0069dd73e6c86e5ac507fa834e7b41
SHA256

3bff2cd4021bd6816ad9623248f0b09fde4d04a5bef73e343d002b764111e518
SHA512

83b8e52b987fc496f98f7540ad888dadeae470b3c3a588f9ecc7f0be3612e26af64d418fb35e6e7cad9a5ab974b3ef0b9218eefe9fea035257ff231b2559efe3
SSDEEP

768:AKSyqu0G0GQDcq0rtx6iXEW9qZYT0fV5ud7PvWx/0:Ayqu0G0GQRotxREW9qPfV5W00

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
069b3249b3667609a2057259dadc4308_JaffaCakes118

Files

069b3249b3667609a2057259dadc4308_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ