c7872bf1b30b6e05b64eb8d1672cd69b_JaffaCakes118 | Triage

Sharing

General

Target

c7872bf1b30b6e05b64eb8d1672cd69b_JaffaCakes118
Size

139KB
MD5

c7872bf1b30b6e05b64eb8d1672cd69b
SHA1

cec5d434d1f6db37b11ec6f1795579ea64f17a05
SHA256

4dcbc9720d4ef1aa4d4ef2e59d536fa72d2b7bc460ff0313cfc5c37f9ec95143
SHA512

f48af1c39109a4e30d50ec602ed98e2bb6432c6536339b7559246f0c2e903db728f248cf00a44750501d910ff2bc7377694334752321a130b6cff473be7aa230
SSDEEP

3072:+eL5jWUcG5aU+sXnXLM5zCkOnWU+w5D5/TwvIw/NxbEmgyhvF:z1KUseXLM9tuLw/Nxb/3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7872bf1b30b6e05b64eb8d1672cd69b_JaffaCakes118

Files

c7872bf1b30b6e05b64eb8d1672cd69b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 207B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MaskPE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ