396894732e21a829c24bce2c5feaa666_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

396894732e21a829c24bce2c5feaa666_JaffaCakes118
Size

256KB
MD5

396894732e21a829c24bce2c5feaa666
SHA1

70dbc10c4e14275266cb6f72f9dd401e9077eee5
SHA256

b8d9d9ebbad4b71b6fde7be31d9212f46fa60ed662daa65d66f655f7ad25820d
SHA512

a56142abd052bcc8aca67bf6e2ecaac1b4fd009287af1cb476e0281f3d3fc73f282cbc12996fc0384ee30c50bc471f8461d089c267e87bed2ab4d1415e09d10e
SSDEEP

6144:iLFgx1macUxsbPq1q9BAhuGSeMxVl2hUrM5gOtg9oud7rffJHWbkBJ:dXm0xse1thuLe+oZaou7LfgbkBJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
396894732e21a829c24bce2c5feaa666_JaffaCakes118

Files

396894732e21a829c24bce2c5feaa666_JaffaCakes118
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

CreateMainProc
CreateProtectProc
DllCanUnloadNow
DllGetClassObject
RealLogoff
RealLogon
Setup

Sections

.text
Size: 242KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE