2835f98fb6132287df06eef0032827b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2835f98fb6132287df06eef0032827b0_JaffaCakes118
Size

124KB
MD5

2835f98fb6132287df06eef0032827b0
SHA1

4da83acf2ded11559f74b86252b94cc7d8c9348d
SHA256

6e13782c7144c6acb8364cb474befddb544c26c93143f44b66139289bbf57861
SHA512

83e38eb557ace273c851f48793c22bf2bad4dabbcbadb118555a365c3289ce096d156a8d39783efce16dc73c97a1d4f5bd35faed9b49d09f125edfe246ed28e7
SSDEEP

3072:F61Ye3TaEu2CoCcn3zO7A4D8XHS4KygA/EY9Y6wsYaHyGWN8eV9lwOz4h1:UTa12CoCckAe8jkAR9Y6wZG8P9lwg0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2835f98fb6132287df06eef0032827b0_JaffaCakes118

Files

2835f98fb6132287df06eef0032827b0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

346d60e37a38da26b7d234c6530424cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_adjust_fdiv
malloc
memmove
free

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
SetErrorMode
LoadLibraryA
GetProcAddress

Exports

Exports

JgedCreate
JgedDestroy
JgedDisableComponent
JgedDuplicate
JgedEnableComponent
JgedProcess
JgedSetOption
JgedStart

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE