3b1d787401f722b79775c0c1b6d87eeb_JaffaCakes118 | Triage

Sharing

General

Target

3b1d787401f722b79775c0c1b6d87eeb_JaffaCakes118
Size

248KB
MD5

3b1d787401f722b79775c0c1b6d87eeb
SHA1

3936cc85e42eba0e4edd94c476077f79551f66b6
SHA256

6f47291dbe496635b54562343b821963c1a5c08d4aa54fdb29c7fe75f58d6ce0
SHA512

61f8b46203c0893c6b953f2d51e82bfa5975a4ca57ba54548797a4631aebcddd3f8b467404b14a7e59245f3ab7509430839656a9ace9657ed052f4aad15dd4a1
SSDEEP

6144:ZqrQIbUa7+PRxCdQVls4vq9an9bvoBy+P:4L7+pw8TS9e6yy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b1d787401f722b79775c0c1b6d87eeb_JaffaCakes118

Files

3b1d787401f722b79775c0c1b6d87eeb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

.nsp0
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE