3c286f1214d65bfdf849d0f9ff9f5408_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c286f1214d65bfdf849d0f9ff9f5408_JaffaCakes118
Size

45KB
MD5

3c286f1214d65bfdf849d0f9ff9f5408
SHA1

b5fbe0be413edb8561ab91e5966e4e9e9f705e8e
SHA256

e83987807d9c8df00942f77b59ed345793b1802f785f41c322c813f8966053ae
SHA512

917f9c8ce9155755d6f8b6799eb94b1fab923a844fcbdc15a3c3edcbd2a1ff18e97f67ce9c82d873dd89399079d4bfb553b99d936145e3ec5443277c10dcd237
SSDEEP

768:1ShK24pcIC6vQ1wxRybXLTL0QfqoA1kbLREjV41GHp:E021kvV6zLycvyjVqGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c286f1214d65bfdf849d0f9ff9f5408_JaffaCakes118

Files

3c286f1214d65bfdf849d0f9ff9f5408_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOff
MsgHookOn

Sections

Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE