e0b77814ff3386b6abc8b500e29248b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0b77814ff3386b6abc8b500e29248b3_JaffaCakes118
Size

59KB
MD5

e0b77814ff3386b6abc8b500e29248b3
SHA1

f1cb9bbe08ea7fba16fbdefb23e01240e8753787
SHA256

abc4161a0f186429ed760c91a21af42b3eb193ea7b2b70bca805884dd6c9975c
SHA512

4d098cf88727ee3fa1aacfd51d4dc00858e28c411b80a646d35b772a8287c314fb8f24046c0672eb27042e57f9580d8be07470151e789fa085a89b03c695148a
SSDEEP

1536:+9IAhPR0mja//e4AeSSjO0pjKGBtX6MHh2KL:+9IAhPR0mjam4pLjdBx3D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0b77814ff3386b6abc8b500e29248b3_JaffaCakes118

Files

e0b77814ff3386b6abc8b500e29248b3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

deebf35de466da4a590c219a4d5fcd1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

InternetReadFile

oleaut32

SafeArrayPtrOfIndex

advapi32

OpenProcessToken

gdi32

GetPixel

user32

WaitMessage

wsock32

WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpHookOff
JumpHookOn

Sections

CODE
Size: 53KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE