2fd9d64887ef18e20b3954681c40d281_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fd9d64887ef18e20b3954681c40d281_JaffaCakes118
Size

318KB
MD5

2fd9d64887ef18e20b3954681c40d281
SHA1

8c912591037f3571d115ac9f578ab67e2aea58ac
SHA256

05cf8d46b054cb45cb61cdcc787253f56cddb5004454ec2cf6fc2d11656029ad
SHA512

9097327bfa486a0506dbf77356136e263aa55487a5ffc0adcf7e5ea67cb3d9ba46fc51f4c3f411b4f19b58f5257b70860d151a0845a4382ec4d69371b0127b6a
SSDEEP

3072:scEiIGUMIVmP4Il5FP+yyY+lKyzytkIIbptAOQfo10K+1yCLWUPnyWlBqdAQ3hbR:wUUMP+dwysSpqOQfoiKCZl8AYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fd9d64887ef18e20b3954681c40d281_JaffaCakes118

Files

2fd9d64887ef18e20b3954681c40d281_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

.nsp0
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE