f859bcef08732e3f3d39e10dcd80093f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f859bcef08732e3f3d39e10dcd80093f_JaffaCakes118
Size

176KB
MD5

f859bcef08732e3f3d39e10dcd80093f
SHA1

2a92ab1651d2b1fdc59bfca43d9f507bffb68304
SHA256

289561eab0729a4055213414e7d3e2608d77c3325d4d245490514d931f56912e
SHA512

d3aa365800936ec8b7255943c5e6123dbb7e2ec994ee4dfaf7ec921c2eb3eeb9174c321c11a5448946efd36c82125f1d4f4f17c9c8bb28823b7699e28e4f8aa6
SSDEEP

3072:FgDODLMOzHQDVemvhi7xR2DMmnZOhGqpR1ohQ8EYjMUHmyoAIBhv0kZ4jEx:GlwHQDVDvIxR2D/ZbqpvWj5myMBhv3ZN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f859bcef08732e3f3d39e10dcd80093f_JaffaCakes118

Files

f859bcef08732e3f3d39e10dcd80093f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

DeinstallProvider
InstallProvider
WSPStartup
___CPPdebugHook

Sections

.text
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ