ad83c09b2b5ad65a3f6378f212f108b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad83c09b2b5ad65a3f6378f212f108b4_JaffaCakes118
Size

25KB
MD5

ad83c09b2b5ad65a3f6378f212f108b4
SHA1

89118c927487dd074f43885b2ea92aa8c5f22e40
SHA256

721fe4bc388322dd177179352c9e10b189f89b348a10e62bdff2024c59297631
SHA512

5840593b16c1b91d724b1f14042ebc54f4393d6710a24360c7d9c68cf29255370cbc1ea6f934b0ca20415e7db285b0d38c2f1f111a834c1874f5aa5c04ee07d3
SSDEEP

384:47dxz0CKAoqd+13XQaFt5svs9fezmqUWh9GegTZzvWaYHQcAzWrzQjJ5x6JA4y:4gCKBqdSHQSfh9fsUSweU9eERWrzm1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad83c09b2b5ad65a3f6378f212f108b4_JaffaCakes118

Files

ad83c09b2b5ad65a3f6378f212f108b4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ