47c46168273d485404b60cee7b80bb25_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47c46168273d485404b60cee7b80bb25_JaffaCakes118
Size

4KB
MD5

47c46168273d485404b60cee7b80bb25
SHA1

cc90b0b57b47749e1046949826d0586453680a1d
SHA256

59c4fc826ab256f2b085765e8feeaf23b04f55b3f59f7569a9873772dbcb390d
SHA512

13d99ba11bae2d8af5a2580e00b9ab6e966470dbc9eb47a7100547e195673d315cfe3e9e7315643135f7a8598f26e1fe747c4caf742aaa3655414c4b5016bc7b
SSDEEP

48:zdZ6mQ5n1AxrbKIDkmmsksiljmlcpydYucZbcss4svxCj0ieVtBBZW5wH4N2NROY:z/6NStGljmKrcfnp3rPWZUNRO6Wl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47c46168273d485404b60cee7b80bb25_JaffaCakes118

Files

47c46168273d485404b60cee7b80bb25_JaffaCakes118
.dll windows:4 windows x86 arch:x86

77f51df9713d8759f46f198af959d5a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegOpenKeyA

Exports

Exports

wanThk_ThunkData32

Sections

.MPRESS1
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 979B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE