de5578a65e83c1c92d1f489ad333720e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de5578a65e83c1c92d1f489ad333720e_JaffaCakes118
Size

30KB
MD5

de5578a65e83c1c92d1f489ad333720e
SHA1

c3eb25916fcacd0c0302f24cf39c4ecaa5e0d09b
SHA256

c58fe501d8bd35f17a4db1e6fd135775c256fdb78f9ca05476216296a14fc7c4
SHA512

2fa4bcf265d3c523e1d8329a955f01872f729dae5497e9dd361dbf54740629847f15331b8962beca95aeee0e614a7cf3d3e17265c46b8707907633eef4e41899
SSDEEP

768:KKSCquFw0GQO/mRsrlier9dlKzfNrdDykX:+CquFw0GQicEUxhrX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de5578a65e83c1c92d1f489ad333720e_JaffaCakes118

Files

de5578a65e83c1c92d1f489ad333720e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MgHookOk
MgHookOn

Sections

CODE
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ