36e961f72a1b606e6537e40c5f0504b6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36e961f72a1b606e6537e40c5f0504b6_JaffaCakes118
Size

1.2MB
MD5

36e961f72a1b606e6537e40c5f0504b6
SHA1

6ec03fc3e5182f9230e4bae6e4141455836e9888
SHA256

e6eba64d8959b297ae69f23e08f1e15a6a75622563d85d562bcd3618849db035
SHA512

1fedc94d67657ead71818238ec0a2420a94946f1f9d1584548ca1f2e640d152b62489005d2d355854cbf1c65a354300ad2b80c85dd783c5229dde9ca1827723e
SSDEEP

24576:AaK8GQe2sn6i9tGi9b8AJo1tTk5/1XGaj1w4FbVXMxo5RRj345Y:A9Tf5/FeonRj45Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36e961f72a1b606e6537e40c5f0504b6_JaffaCakes118

Files

36e961f72a1b606e6537e40c5f0504b6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllRegisterServer
EnableMouseHook
ServiceMain

Sections

CODE
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ