1b86ccd885c8be3dc69351e9341e56c8_JaffaCakes118 | Triage

Sharing

General

Target

1b86ccd885c8be3dc69351e9341e56c8_JaffaCakes118
Size

33KB
MD5

1b86ccd885c8be3dc69351e9341e56c8
SHA1

71c4bf4cf0b7ff3c03a7577d81f9695b04ea0ab1
SHA256

1417ca614a9cc908935955651b0d81b409869a43ccef0c18f1220eb9679c10d2
SHA512

7cef94ace17cb48ec0d511b9f928ecf9ddfe975a93a38d1c6e6c41708571adf8ad45f831bca90214a2171fd9560b2fbdc3a94afd6a414ff3196420181492eff5
SSDEEP

768:HsW70S9vqLkJ44wvTNX/9LDVEoIO6be6DBVzVoUp:HjIS9vqLkJlwh/93VE7O6JDnzC0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b86ccd885c8be3dc69351e9341e56c8_JaffaCakes118

Files

1b86ccd885c8be3dc69351e9341e56c8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

.Upack
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE