1667dba8c32738b42b5df2b3dd56dd31_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1667dba8c32738b42b5df2b3dd56dd31_JaffaCakes118
Size

121KB
MD5

1667dba8c32738b42b5df2b3dd56dd31
SHA1

de6a4be702d120829c460fff804d7998f9b86719
SHA256

fa2e1aa7da47cfdc4bb4cdc40a44ccf094024b889594043431a05a2035a4da76
SHA512

c16f724864dbd94a8238365a7261df03f9a2fe08080b756991289871165f9abd4d34198759adae319bbda71664a20bca782c94490be88c11d91b1dc8975c493d
SSDEEP

1536:DJVpaB3P5kBgluk7T37xeTRkfTVWd0Y2GpwQeKcbw+aqETpk:1PaB3xkBgEk7TMTRK1Y2GpwZNaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1667dba8c32738b42b5df2b3dd56dd31_JaffaCakes118

Files

1667dba8c32738b42b5df2b3dd56dd31_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

f5o8lo0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

f5o8lo1
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

f5o8lo2
Size: 31B - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE