3099a47a052a0100f7022d8e493d948c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3099a47a052a0100f7022d8e493d948c_JaffaCakes118
Size

476KB
MD5

3099a47a052a0100f7022d8e493d948c
SHA1

b9763af1626cdeebf7fccee0d810bd5de224261b
SHA256

51b6d0d2a105c8da80dd4c067dd3ca87cf312396637b5c2c2e038f2b0c1c87c2
SHA512

4a25dda330bfefde0e6a86bc9b1a8f163c80b09e9fae0db167d926a86da1be7f78c8f8043030d49c7286ef0de38d6a043baea2255f83ec4c949b77b0f2e48ff8
SSDEEP

384:iidD9d6GAmOAxbO/YCybh+teiZ/VKFjjmNEMNwzEli4w2KS3oB:j6iOQKeiZAjmDOEli4WS4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3099a47a052a0100f7022d8e493d948c_JaffaCakes118

Files

3099a47a052a0100f7022d8e493d948c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

EnHookWindow
S45pFireWf4l
UnHookWindow

Sections

CODE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ