0df907abc988eea9f41147825337ab1f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0df907abc988eea9f41147825337ab1f_JaffaCakes118
Size

86KB
MD5

0df907abc988eea9f41147825337ab1f
SHA1

6faedcb4f4e1590ae7cb85f196e9367f016a6d93
SHA256

695767f998d19217ae4fdeec5eb06c62d8d1ab63cd0eeaeea0fdd1b1bb254c6f
SHA512

05279c198d556da8ce865bb19a168dedd2535fbad5836b9ed99966c60f635d5406721c527391dc8bbe5618f30eeac81a03d92b5c8ff6e8baad5194b7e7bae060
SSDEEP

1536:SupIcpSxaKX8dmqc1II2yXSak2GYEzBdeA6eKFUOfEwhmDRAd1ljtsvw/LoqRTck:STaHjc6I2NKHTA6DUvnlAdjeqMOawTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0df907abc988eea9f41147825337ab1f_JaffaCakes118

Files

0df907abc988eea9f41147825337ab1f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Exports

Exports

InstallRT
InstallSA
PSLIST
ServiceMain
StartEXS
UMain
UninstallRT
UninstallSA

Sections

.data
Size: 77KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rl
Size: 288B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 940B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ