fc0db1224f1acc9e87081b893dcc8912_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc0db1224f1acc9e87081b893dcc8912_JaffaCakes118
Size

91KB
MD5

fc0db1224f1acc9e87081b893dcc8912
SHA1

50069a5b80244a425f20bc709ad234ba48cc4425
SHA256

c5af4988b9410f5a769d331b321d3fb3d0a5c291743182cff7669d223b8da8e5
SHA512

4c5e40568d3661d92e0ddbbe2264d2cc6bad89bd0369cbbd4b5368e5c15db4472a7a9e38ac815557aa2b278ab0a9524aa50eccbb3904e178216ee8e24b6b9bcd
SSDEEP

1536:XKQ3hQ3BVwGfOcnJf2xqgG4IntFSr/DAo9+FF0R40:6OkbwFWJfajTIgAVFF0R40

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc0db1224f1acc9e87081b893dcc8912_JaffaCakes118

Files

fc0db1224f1acc9e87081b893dcc8912_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Qy001DoMainWssk
Qy001Service
ServiceMain

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

jiajia
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zaijia
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE