089816cb566086232b79e0e3981e125a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

089816cb566086232b79e0e3981e125a_JaffaCakes118
Size

43KB
MD5

089816cb566086232b79e0e3981e125a
SHA1

cf80750d7a96bb1d42952c8e85f38b635f0683b1
SHA256

9502a87387d9dd42e7b4bf2825a9d2472bbbdc5b0efc2d367b35deb2c48556b7
SHA512

37e2f69882031f5a16b7f2e27bfc547c066d2d40b493eb8af8123b6d221f876294c5b746554c91a7c2144b2c163c1e016a9bc86d37a1284c11e1f7e92791910c
SSDEEP

768:O88FUpSvpZ9rZOeWG9IfMtOAiHCjMAu/AUbix+yb98orV6ch/mJ/xeqJAiE:Oj39OeWG2fMQAiHCj/u/In9Rwch/mTAF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
089816cb566086232b79e0e3981e125a_JaffaCakes118

Files

089816cb566086232b79e0e3981e125a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOff
MsgHookOn

Sections

CODE
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ