f7f4e42f4aa5274bb9b6c0e7bc52f20b_JaffaCakes118 | Triage

Sharing

General

Target

f7f4e42f4aa5274bb9b6c0e7bc52f20b_JaffaCakes118
Size

1.9MB
MD5

f7f4e42f4aa5274bb9b6c0e7bc52f20b
SHA1

3b18a3d34d0f582c7e71da9aa0c4248798f7a894
SHA256

8e9e81c98feb8cba87cbaa6165789ca1ecef6fd7deca796c7cb8c03d4d1cc4dc
SHA512

58e8d11b7afe92209b835d266c7d0b2095979faaacc1bb0cbab7fad8993f677b316243b5d83a4cb82dafb770c37d1a3cbe56518cc9faa24035e47da291102702
SSDEEP

49152:wwImLUF5wKQs/rcnn3jxoiLsKCYpJqVHTcx:5VUF5Osonzx2PwqVHm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7f4e42f4aa5274bb9b6c0e7bc52f20b_JaffaCakes118

Files

f7f4e42f4aa5274bb9b6c0e7bc52f20b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f9ade0aa18f660a34a4fa23392e21838

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess

Exports

Exports

CreateQDLockCheck
S4LockAutoUpdate

Sections

Size: 110KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gaiadnun
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hyeainbz
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE