b0f9530fc4cbc8d37ab305097827a7b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0f9530fc4cbc8d37ab305097827a7b1_JaffaCakes118
Size

124KB
MD5

b0f9530fc4cbc8d37ab305097827a7b1
SHA1

b4d5f6c31088ff2f46a5359ab5787573da6a4e37
SHA256

00c485a937ab2297dbea1ad4e7f4dc304ddc61e05535b7c2540861c6fea8ee1f
SHA512

fb6d1b27429faa1bae50d10cc49e03880e21a73c11a810375f7b7714085d7c84ec2d23fc38a4a3757bd6b3e99ab7a5359a4d0a26bae043e5230a1c67fe97efa4
SSDEEP

3072:vSbkr6UaQ14KTB7/I2vk52Zq2zUMhF4aUQnhpscyr:HeURRlU5rMf4aUQnj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0f9530fc4cbc8d37ab305097827a7b1_JaffaCakes118

Files

b0f9530fc4cbc8d37ab305097827a7b1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.chac
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE