30a582d74364feb9607cef38b90b7d94_JaffaCakes118 | Triage

Sharing

General

Target

30a582d74364feb9607cef38b90b7d94_JaffaCakes118
Size

89KB
MD5

30a582d74364feb9607cef38b90b7d94
SHA1

d48b624b914929643ae0719af6e679f8be2fc412
SHA256

531919f6e54db0e919af85b9b1e7e5a59a22fa6396d54692433cecb687ddec7f
SHA512

65e0ab61682803bd02b9d9ebeecc6d8a666148256095a2bd7f96b7db342819b382aff1cb50d6fb9b2f1853dc895352df0edcbfc9b5a389d76a3d55fc14e0b11f
SSDEEP

1536:03C2K5Zc4MLklh5H3k9aKl046Cr9oPcb0LY2YdkJgO9h6736QHgOKraKl0H:w4osh5Yan462oPcALYL6Q6CgOKranH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30a582d74364feb9607cef38b90b7d94_JaffaCakes118

Files

30a582d74364feb9607cef38b90b7d94_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

jf
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tgid
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE