ff9f2efe683acb29a1549384a95cfc47_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff9f2efe683acb29a1549384a95cfc47_JaffaCakes118
Size

48KB
MD5

ff9f2efe683acb29a1549384a95cfc47
SHA1

82ab26e88d6854ab39c7f13780ce559b7a2f62d4
SHA256

fde13d339a292e96dff340e691df89d214e6ce2bb5f50ef6db28ee28b12bd7da
SHA512

aa3ba5adc758df9368d259e978c0374f20b71e56987b0fb73ef18cec417c3ae62cf8ac2f1d90197240b0bd2fed06027e2ca218154e9aa3b372cc2e3bc104032b
SSDEEP

768:gy5qvGQxwTVtmoULNkE/Qi9e0dr7UArPA0L4edYt/5q4Wtd8FwBmjJIlM8x:X5qvGQORULNjQV0d11L4of8FyASl1x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff9f2efe683acb29a1549384a95cfc47_JaffaCakes118

Files

ff9f2efe683acb29a1549384a95cfc47_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

HookProc
InstallHook
StartHook
StopHook
UnHook

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ