30095cfe2b15892b3c218c461f8e6708_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30095cfe2b15892b3c218c461f8e6708_JaffaCakes118
Size

48KB
MD5

30095cfe2b15892b3c218c461f8e6708
SHA1

03bab156f12e0683150df43c11132ffd1bdc67d8
SHA256

e7860df4baaeba9e5a5a187bedce4d892fb5c61a4c425c2dfaee7765af94ea75
SHA512

7a3e28944fd3cf33add67c4d7561667556fe32fd57ba69950b10165d8f844b9075bfce20f6503e40f1e0d7e69c4d7e0026c7ea4ef29367828acc577192defc5e
SSDEEP

1536:BrlNldTemFU8PNfsv/YlXLv+iDSitJGzKY:BrblB3bPN0uLvJDSLeY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30095cfe2b15892b3c218c461f8e6708_JaffaCakes118

Files

30095cfe2b15892b3c218c461f8e6708_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

.nsp0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE