5a940ee43134d03dc3f2fce57310b764_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a940ee43134d03dc3f2fce57310b764_JaffaCakes118
Size

479KB
MD5

5a940ee43134d03dc3f2fce57310b764
SHA1

a9b91065a5c202329af01ef9938047dfca2c784e
SHA256

78e3f633d197e9a1c3b47771c660a36aa55df8ac171bea7c10e2107ee259ec2e
SHA512

1497d03c2c457879ac10e553647478f20e402ce6878794852e9fe43bcf47988b9409eef47e13aa8404d1d37cc3670efbd6c316fec61c004bfabf285179fa377c
SSDEEP

12288:5Rj/w4+THes1/Czx6dg/UylpR31mzeJRql8o:5B+THv1ad6q/UspR31mzeJRql8o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a940ee43134d03dc3f2fce57310b764_JaffaCakes118

Files

5a940ee43134d03dc3f2fce57310b764_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RemoveHook
SetHook

Sections

CODE
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 203B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ