175287cb5996846ee56d10d535b06d7a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

175287cb5996846ee56d10d535b06d7a_JaffaCakes118
Size

143KB
MD5

175287cb5996846ee56d10d535b06d7a
SHA1

1bab3ee1b34bab5fb3c820e076c0b468890da680
SHA256

11c7e62d9deca4d1832aee84248688f27cc73641736dc8785b923246b3572e7c
SHA512

dede2fdf3c2bc31289b5e88aff67b9e09073d0e894bda7c2009be3e8b2e5db414a647cce1e043c13cd6c87c5aebd1719a988dfe46cf35254ea09f827d716ac95
SSDEEP

3072:KSdtaDHCwOw5OhSt85UcYEbMilID0zBMLQoENkA9L82c8KvHkpMN1xC3ZEIr3gls:RYD65U45fxBcjEeq2ls

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
175287cb5996846ee56d10d535b06d7a_JaffaCakes118

Files

175287cb5996846ee56d10d535b06d7a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff9
JmpHookOn9

Sections

CODE
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ