d11a34259da9e0a4b6bf3cb061680bf5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d11a34259da9e0a4b6bf3cb061680bf5_JaffaCakes118
Size

56KB
MD5

d11a34259da9e0a4b6bf3cb061680bf5
SHA1

42df18b989b450eef67db753a2ce987773004229
SHA256

af3b0a9da22d77c2668ad69ae5b09806cac9679980bfb9e26bb83b0c87f7dda6
SHA512

23eeeb1d705ddf26e4afc7e7a63205d146aec3b2e494530988134bba84a9c763aff98e8e40b6ad3525e2103e93646e37e3ec614be3fd054097e4a7afc241d985
SSDEEP

1536:TpZipLQxM6RdYdPQ68/RgjDaIvwfulwQUn8M4S8nc/:C5Qa6RdLgjD7sulwCEIc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d11a34259da9e0a4b6bf3cb061680bf5_JaffaCakes118

Files

d11a34259da9e0a4b6bf3cb061680bf5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

oxryzz0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oxryzz1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oxryzz2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE