0ee9861fe2f6c2d0b38fd27a8e1dd0e9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ee9861fe2f6c2d0b38fd27a8e1dd0e9_JaffaCakes118
Size

514KB
MD5

0ee9861fe2f6c2d0b38fd27a8e1dd0e9
SHA1

97aeb07d6f8778c20c40069ce11a739dbe5cd3a8
SHA256

3ee0420116a17ccb7b57f5a197eb5b5af6e98d6d61cbba911617865f680db269
SHA512

2d6c0d6804f9521ecd70d09d70174ed785a26502ce82f3ebf45959a3e905bf87b6196af1a7d3ce71852590c03b17d0baeaeaddd661602b0fc7e7711204f703b5
SSDEEP

6144:EUr/Kjsi4NCqmcwSSF0aCrkf2Pnwt+eBBDF+1r2W9sbz+mMDb:EULKwfNmcwSeHrD/BBx+cWO/u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ee9861fe2f6c2d0b38fd27a8e1dd0e9_JaffaCakes118

Files

0ee9861fe2f6c2d0b38fd27a8e1dd0e9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4ae8cce1cdb668a8fad907517a62efc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pdb.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
ReplaceFileA
Beep

Exports

Exports

wqadi

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ