63de860aa776d6abe9c3f134f933ab25_JaffaCakes118 | Triage

Sharing

General

Target

63de860aa776d6abe9c3f134f933ab25_JaffaCakes118
Size

48KB
MD5

63de860aa776d6abe9c3f134f933ab25
SHA1

21d5360701e051eada68084e040c12d5fbacb0e1
SHA256

63eab86a00c7ad5f9c04b58edd89b2280be403ed3a439352c1f9fb9c12fb6a3f
SHA512

ae9c381c04b22d229dce13c01e7f778cb69c2bf6434683f62fa326451db135a8066809490c5a0ad68670fe3893d208e66057d39d970c089bea42bec79332383c
SSDEEP

768:impM8V/5Q1GuorD8lQbyVXbWiHCjMAnLVrxA6Oz1MxBX4xOHp7v:iajG6kJoiHCj/nLrxBcQ7v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63de860aa776d6abe9c3f134f933ab25_JaffaCakes118

Files

63de860aa776d6abe9c3f134f933ab25_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MgHookCs
MgHookOp

Sections

CODE
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ