002d47e84fed7682ca2f98a694d272b9_JaffaCakes118 | Triage

Sharing

General

Target

002d47e84fed7682ca2f98a694d272b9_JaffaCakes118
Size

21KB
MD5

002d47e84fed7682ca2f98a694d272b9
SHA1

331f584b4830241ad8fbc1a79cb6e0826fa366fd
SHA256

843e7e88ba5b101021e3054aa801058966520b19f7c3769dcc50f691d5606b37
SHA512

e85d7efbf1211b311c9cbcfa66ecc0fcedff361651e11a7fa3a126afb3335df598879225b18df01cf539b22ba6fc87189c1003247763e8fb1c2705c4b1f8b82e
SSDEEP

384:vyVlNjtU2eZ8ABDZ6Uw2+k436mMBtejEugzEmCqQS:qVlvqZY1k4BqteE7EmC0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
002d47e84fed7682ca2f98a694d272b9_JaffaCakes118

Files

002d47e84fed7682ca2f98a694d272b9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

EnHookWindow
SkipFi2eWall
UnHookWindow

Sections

CODE
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ