a4167a9bd00171674213140f9a855871_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4167a9bd00171674213140f9a855871_JaffaCakes118
Size

167KB
MD5

a4167a9bd00171674213140f9a855871
SHA1

2efe6e0b93a0c1cd4a8bffbd021e0803dfb95fa5
SHA256

f4da0c80983ba00da7ef908c2d979f8144b2239fc87ae40c6ba458f6d9576ae5
SHA512

7aa8798c9c3fc5a5e0b08c6258e083c7cfbd9c5f076bfb962af36ede5a534cad65cd3b0b76267b13568a4e6d7217e8262d86d1bdcdd861266b9f4f8f0778fc77
SSDEEP

3072:Bdr3hBxwT8rEwqy+xLV6KCzDArFZWaV2:TD3xwiJqxh6KCz4TWaV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4167a9bd00171674213140f9a855871_JaffaCakes118

Files

a4167a9bd00171674213140f9a855871_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

Size: 3KB - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE