71a5558b514311575ed64eb8624cdad2_JaffaCakes118 | Triage

Sharing

General

Target

71a5558b514311575ed64eb8624cdad2_JaffaCakes118
Size

134KB
MD5

71a5558b514311575ed64eb8624cdad2
SHA1

7493a77572a326e063acfb3bec07b2193953127a
SHA256

493ada443fe9ace0bb6843d44ca154dfe6a3d86168bbf1d883f14ee73b9d4121
SHA512

a865f586ebcd276c519a7008a4562fe223f8f9f4400cc58eb21e2d9df7fac2db8c14cf576cae4009e08310d12cd463cd06e5c4d7095d5acc08f1b1800d6baf97
SSDEEP

3072:W3V5h9aKCUQODdLo5lyPb72LbOXHpBkZ+9s:WPh9UOJLo5cPHRZBkZQs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71a5558b514311575ed64eb8624cdad2_JaffaCakes118

Files

71a5558b514311575ed64eb8624cdad2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Exports

Exports

DisableHook
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableHook
SetupShellHook

Sections

.text
Size: 1KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.perplex
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ