2ab880adb087f5276546592784168979_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ab880adb087f5276546592784168979_JaffaCakes118
Size

50KB
MD5

2ab880adb087f5276546592784168979
SHA1

0057f234a4c0eb2bd123fe46ce1c039f6ac244d3
SHA256

dfce2db07269e761a1fef5d236b7a38ffa53e163bb4a74b39beba1b171c4b8bc
SHA512

56648baf8b7e9a9e69663466fb810a5e9cbd58170189672601e4529178ff6815ae021d6a4466245dfe9a5b25e92d83e29aff252f1b820077f04c49deab446cf8
SSDEEP

768:2mpM89JiBw8LZVJqzyi0poqgX17PHZLHVZw0cT0Wwy61vdivYZ2/369:2a77ub8mfpZgX17vZL1ZgT0Ww/rd9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ab880adb087f5276546592784168979_JaffaCakes118

Files

2ab880adb087f5276546592784168979_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HookOff
HookOn
MsgHookOff
MsgHookOn

Sections

CODE
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 237B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ