a670f925970792b539651a8e6af96be4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a670f925970792b539651a8e6af96be4_JaffaCakes118
Size

47KB
MD5

a670f925970792b539651a8e6af96be4
SHA1

f0b7ad9ed76ca20c1a6146f617f79f56d8024ab7
SHA256

3a826f0371171165c358830d66c00e3dc020bc73b739761e33c87a48951b9be1
SHA512

90acd417b7a877967ef2c9717a640a622305b6a693cec84992e86625f542887efad7e4d45f7dceef7b66eb8936c3930a153f0120799f3cb7fd63f3dad7d54756
SSDEEP

768:zC+q3Q+MCiI+LT5/qKq8qiO5OpBl5Y6WvNRxMyGIRg/So5I4oxwHXQmsLXjH:2+q3QoF+LT5/uiGOpBl29NGIqqYIOHXC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a670f925970792b539651a8e6af96be4_JaffaCakes118

Files

a670f925970792b539651a8e6af96be4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOp
MsgHookif

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MaskPE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ