7092bea319f5fa1a085f42e799acd852_JaffaCakes118 | Triage

Sharing

General

Target

7092bea319f5fa1a085f42e799acd852_JaffaCakes118
Size

140KB
MD5

7092bea319f5fa1a085f42e799acd852
SHA1

b224de1c5a517e7fb62a87f32596dacce24986e9
SHA256

ef842d2640921d8a7a443f045a2d1604b5e6a39fb60528c627e18d11f7178ed0
SHA512

c4c45e07f590cfa0e4d1f4c9cf722921651eecf4e7bf157a8b3ecf39bda9a30698994637446f4e5f2ff18eb51945af71db5d728e622b7b014b326b37ad6be5b5
SSDEEP

1536:hI+KkhPTWpGZDb38zbRPF0h8k79Pl5E0HW6jGe+x5b38:+wypGh6bRPFidkig

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7092bea319f5fa1a085f42e799acd852_JaffaCakes118

Files

7092bea319f5fa1a085f42e799acd852_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

nvr
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

e8bzvi
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

b
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE