a4171f47cddb867d1a9cf83fd8a61904_JaffaCakes118 | Triage

Sharing

General

Target

a4171f47cddb867d1a9cf83fd8a61904_JaffaCakes118
Size

92KB
MD5

a4171f47cddb867d1a9cf83fd8a61904
SHA1

055964f46e60ae80a2e11edee5fdcb7b088c8421
SHA256

06efe3789f4362c543e324ceef208589cf093bf35fa13843840e902eee5bc4b6
SHA512

afcd8f6292ea5eda608967c567d800f8448a54cdf08138532af127503924b89107abdce83550f9ae0345631caaf05ada9fbbdc3675d181423e246077b18e4aef
SSDEEP

1536:n4qcsQ0Sk/UG+ynreizMOZTHRi+igSSDQaT+JPRglCVm8+8yk:nljUGhMGx97SSDQaaJPQymCyk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4171f47cddb867d1a9cf83fd8a61904_JaffaCakes118

Files

a4171f47cddb867d1a9cf83fd8a61904_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JHookOff
JHookOn

Sections

CODE
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ