1b88c3918856224e4967ef27070b5ba7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b88c3918856224e4967ef27070b5ba7_JaffaCakes118
Size

140KB
MD5

1b88c3918856224e4967ef27070b5ba7
SHA1

91b5841b7cb0a8414f85d9871e22527f6d1c7787
SHA256

2d7046e13a3313473fa8813a1b4b480eca0710ff36bd0331da8d1dfc9db060ae
SHA512

4795d1c0ea437035f9f5316734046707f718dbfc9bcd02566f1f39dfdf412d3e29a64abc73a1d1a2d7120c4a0961ef65b8856af9b2e61306ba2bb3d42a4c3c15
SSDEEP

1536:To9tetrTB9XR2UvWuE6Px/MEoyApYEKn+RPF0h8k79Pl5E0HW68GVRs/IbU9Ap:Tomh3BET6RMOEK+RPFidkRGP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b88c3918856224e4967ef27070b5ba7_JaffaCakes118

Files

1b88c3918856224e4967ef27070b5ba7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE