43293440e4bcdffb0387ac3b957ee88e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43293440e4bcdffb0387ac3b957ee88e_JaffaCakes118
Size

41KB
MD5

43293440e4bcdffb0387ac3b957ee88e
SHA1

528988577aa04743e97b75ff6b8731610f84257c
SHA256

3aa008a81d0ade391e40abf98f437f4fd0adc140ab726fd8c13972bfc7ea2d40
SHA512

dc781a722e231d052b6b53b86be803ec152ca57821576194c9a2dd5b75691159c1d6fd2b3bcacd0651d787661681b752c103fce30a5adfd1460d4730458b184f
SSDEEP

768:UvFMDpEeFcp7iRiRyrSRuRwPz+RMpdgg/Doq7M0WzTFfAng:UvqtEeFS2RIyrS9Pz+yjdDoH0WzJEg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43293440e4bcdffb0387ac3b957ee88e_JaffaCakes118

Files

43293440e4bcdffb0387ac3b957ee88e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Exports

Exports

DoMainWork
DoService
ServiceMain

Sections

.data
Size: 29KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rl
Size: 288B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ