f3d306d93b7647a950f829b2bd7f1822_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3d306d93b7647a950f829b2bd7f1822_JaffaCakes118
Size

480KB
MD5

f3d306d93b7647a950f829b2bd7f1822
SHA1

12bac4025b7be209fcd28bfa929d42009548d8ab
SHA256

1201d269164c870f2857e106102e9696d7a052a3d3339c273b2d14a825fedd6d
SHA512

93b2410470ad27773b9f5b42e8b5b2f1f88419d53a29e2396d35e8b350d94b61b28ce7c0734d1933e80660f99a6dd719f4d257c43953720cf902db0464d29c34
SSDEEP

12288:adzUwPvntvU/GhqZuoNhNLRQSKAWfMXmJn:aBU6a2qZuoNhvgimJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3d306d93b7647a950f829b2bd7f1822_JaffaCakes118

Files

f3d306d93b7647a950f829b2bd7f1822_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetMsgHookOff
GetMsgHookOn
ThreadPro

Sections

CODE
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ