006b8312a1da7c98168787ea98a95536_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

006b8312a1da7c98168787ea98a95536_JaffaCakes118
Size

103KB
MD5

006b8312a1da7c98168787ea98a95536
SHA1

51542eb5fe92bdf8e324b158524b1fd85cb6cace
SHA256

e3ad5d8dc54ca62f485eb653ab3b0463444ad7b9cb28f0617a6f7a61686d12fa
SHA512

4e555e8ccf25792fbcf46c6f92b210a89a4805eeac60000a46c56bb3a97923d45c97a0602c10513d9d2663a269da0a3ba323e1ab087d8585ad607e68c06fe42c
SSDEEP

3072:vVopLxaUmEc6CXbpCLk3jt5/OwGRZC4+42:vVoNxaUf3UCA3jt5/Of/C4H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
006b8312a1da7c98168787ea98a95536_JaffaCakes118

Files

006b8312a1da7c98168787ea98a95536_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsgHookOff
MsgHookOn

Sections

CODE
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ