25e0c20f88e6482c54f5b759228a1bc0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25e0c20f88e6482c54f5b759228a1bc0_JaffaCakes118
Size

140KB
MD5

25e0c20f88e6482c54f5b759228a1bc0
SHA1

5ada582cea131adf947fd11e5adff5e064f648c3
SHA256

c1f325dc633665ed510f1cb136f273cfb4f7ca06e4596f157c2a07dfba2f7be0
SHA512

b7a07e09ba3c7da0e0cee4aff5d2cc50c837b276aac4640c470cc0c932484e870ab30046b88e0952d89b10899210b81a32313d8b6c8c86ae1921c1939bb0fc36
SSDEEP

3072:DfeS69DRIieLAyMCvg9T4dfvPD6CXyE8:jeSCHeLAxWg9kdfvPD6O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e0c20f88e6482c54f5b759228a1bc0_JaffaCakes118

Files

25e0c20f88e6482c54f5b759228a1bc0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

Size: 3KB - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE