16a6b00dc8817a18d79bdcd0af13b49d_JaffaCakes118 | Triage

Sharing

General

Target

16a6b00dc8817a18d79bdcd0af13b49d_JaffaCakes118
Size

70KB
MD5

16a6b00dc8817a18d79bdcd0af13b49d
SHA1

fcb0cb1dad9abfc76621db951e739e63187c778b
SHA256

8e977e8d9ededfd1657cd4b27d63696783b988f194ad309882ca7ef256e5dd8a
SHA512

049ed7ca3b6be48e6ca36e7a81d635df7f71d303ffa05e1785a88cf2d46e91e63a1b3e3bb33e150fe633717e662ed610e7cbf234e00aa8db99bbf97e9c421e84
SSDEEP

1536:+SEN0zPsv6Hjb7vKxlIX3WcAEURjcDOARmp4p9vrSXzuN1rjgyY89:+STzPy6H3bKPIXZMc6ARm+9J3gw9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16a6b00dc8817a18d79bdcd0af13b49d_JaffaCakes118

Files

16a6b00dc8817a18d79bdcd0af13b49d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

packerBY
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bero^fr
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE