0d946c27a5c3dd53305593fb12799c34_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d946c27a5c3dd53305593fb12799c34_JaffaCakes118
Size

158KB
MD5

0d946c27a5c3dd53305593fb12799c34
SHA1

979c1a176cd5a65990534d0f51999966fbf8ce2f
SHA256

4cce1a02232efc25c4071c6629087aa2be212bbb5d8c36313a6e10e6d01747c4
SHA512

4e657dd497a8f953c35a27d262bd755852d1b933e3e553baba43e45167073da18333e7a9f5975709189c84a7e080c083d28f04f2872ce20ac5536cd1d8ab5ca3
SSDEEP

3072:ZVNkgRmUh/DpfJU5OjZj4w8TU1uv5IIPPMpbtAEZYLKrZgIiyS:vNYUhL6OR8TUov5ApbqEZYLKFB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d946c27a5c3dd53305593fb12799c34_JaffaCakes118

Files

0d946c27a5c3dd53305593fb12799c34_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 209B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ