2b83e5a78f0ec1f22aba4a610717705d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b83e5a78f0ec1f22aba4a610717705d_JaffaCakes118
Size

46KB
MD5

2b83e5a78f0ec1f22aba4a610717705d
SHA1

57ec8782d22bbd843fcc530afe756d6237df1bf8
SHA256

e3139e338a0d93070786d01dee5b1003a327342478cae1eb9c2f83427521a46a
SHA512

0ced729632935f1637ab9f24419ffd3e9f32db091559ad9a0637f4c69c918cca9a03189f014c809bcafc399753aea40c9d0e11ea1e5e4e455e49c647939f52e9
SSDEEP

768:+Zd3YUm4daRfIBAMpAWjivgjmpBq/ZfUfczhcDpuw3gmRwstM6tb+RRQMXiBz:+Zd3VKIBAMpAujfZfUfczx1mRwsKE7B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b83e5a78f0ec1f22aba4a610717705d_JaffaCakes118

Files

2b83e5a78f0ec1f22aba4a610717705d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

StartHook
pt_ksHook
pt_tzHook

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ