be636fac0ba57339ebe70bcd8fbc9ff2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be636fac0ba57339ebe70bcd8fbc9ff2_JaffaCakes118
Size

17KB
MD5

be636fac0ba57339ebe70bcd8fbc9ff2
SHA1

7d81bec4f9a2d2b8749849132d9a53c0f40b9437
SHA256

3265cd8e9db1e67bb477dc0aab8b612392b2132fc0fa47075a3a572d1b6dbcb9
SHA512

7f68200354414bbc5b87376c17011e601e7cb928ce10e6eaf78ced830bb7e766795aab46a4d80554dcb4bc51ef1e4abc9a35f6d6fdae44ae80e0b8feac09d86b
SSDEEP

384:mqp6e1J5MpliA1Q9dECtZ9GeaaOJh6iNa9E:GShA1smCtjGH/NV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be636fac0ba57339ebe70bcd8fbc9ff2_JaffaCakes118

Files

be636fac0ba57339ebe70bcd8fbc9ff2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LoadHookOff
LoadHookOn

Sections

.text
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE