bae43252f98e5e599460ee7fa49b8a93_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bae43252f98e5e599460ee7fa49b8a93_JaffaCakes118
Size

96KB
MD5

bae43252f98e5e599460ee7fa49b8a93
SHA1

c91893321c909da7365d37d6bdda7cde60c90bca
SHA256

dfcd3affc963121f154c5d7b8351fcbb556e6ff1234902e61585460138bc51e5
SHA512

a850632271f6dc6461c7a74a8a7ff2c345e67c7eaf152af0acd7e8ef27f0cf2c33c90c5b0b23e007f80235d3b8e0601f5f1d8ff5124a26d0bbecc01f90476256
SSDEEP

768:FCXEqdSQQN39p9siqtT5w6D31DVscnKmz:U0qYQQx9b9KtFFDycKmz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bae43252f98e5e599460ee7fa49b8a93_JaffaCakes118

Files

bae43252f98e5e599460ee7fa49b8a93_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

.Upack
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE