15b0a42c953b4a0e99cdb38f6d121767_JaffaCakes118 | Triage

Sharing

General

Target

15b0a42c953b4a0e99cdb38f6d121767_JaffaCakes118
Size

20KB
MD5

15b0a42c953b4a0e99cdb38f6d121767
SHA1

53c86a058ec4690ed069e62373b4876aa5cd3f70
SHA256

533b5938d4bdbc0c7197d2df73ba4d7f7d730ddeb1608142f8ad39186377b428
SHA512

4e9c88c84b8a5656e3b215c12fd67a9bfb9287def5d47f9e0545f42ab68332ee8e458b6cbc214323fcdf02a6db19ded6b3edfe0386693c74b3e2f18dfa4bf0f6
SSDEEP

384:a6WWTEcWRfgu9ybTTKUc1Tn9zvLhyBiUqfHg8D+dIcjzOhLgEDFL/Y:oz3ybSD99zMirvg1vzOpbF8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15b0a42c953b4a0e99cdb38f6d121767_JaffaCakes118

Files

15b0a42c953b4a0e99cdb38f6d121767_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JumpOff
JumpOn
ThreadPro

Sections

.Upack
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE