392e488139ad6430ee558e592454f346_JaffaCakes118 | Triage

Sharing

General

Target

392e488139ad6430ee558e592454f346_JaffaCakes118
Size

58KB
MD5

392e488139ad6430ee558e592454f346
SHA1

f29f0720d90a79668dfdb9333dc1068e54d595a7
SHA256

d64e041eecd5700e9137eab8f0510d39c3b2a00579c3d89818a6e6eb2ec10904
SHA512

15f000bfd0be05defa9ce263021686cad79e552684af3207cae2a50398687760c6c925115a72be7b8e13feb0f36633b6fae428d24248ee64d555395ce3a14dcb
SSDEEP

768:LEUs6lKOxyKfjkAG5Xqijth6UQIP9vqhVVxr+ptVqDkR1dxXGI0v:LPEOxyjP3jthL9CgnQ2XxX3S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
392e488139ad6430ee558e592454f346_JaffaCakes118

Files

392e488139ad6430ee558e592454f346_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1c372311534116eeffdf56f3f6c69c5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
ExitProcess
GetProcAddress

user32

wsprintfA
MessageBoxA

Exports

Exports

terlockend
ServiceDo
ServiceMain

Sections

.text
Size: 26KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gffdg
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vfbgf
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NewSec
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vas
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE