ba41d127d9a39ff6708e046017f752b6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba41d127d9a39ff6708e046017f752b6_JaffaCakes118
Size

35KB
MD5

ba41d127d9a39ff6708e046017f752b6
SHA1

5904f5c5031c4d89de1deaed85388575d9b9f902
SHA256

584a34f8f6f24a409e68da4b5b8ae5dbbd013c829412c9b7f85ccf4460cf1fdb
SHA512

0571f11df7fc3b0a6be2e4d12c57f263b5430bc4bfb951b068dc43f9151cb2303534afe1ee12d1c0507c5365c00053add2e3a5d52f0002f8ed2db21eb299c655
SSDEEP

768:6Qoi6qZO1Qegd2RxiQ23jMn9epODWydVGCJ3iFa:6Qv6qZ4Q3yMTEIeRiFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba41d127d9a39ff6708e046017f752b6_JaffaCakes118

Files

ba41d127d9a39ff6708e046017f752b6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOf
JmpHookOn

Sections

CODE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 201B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ