44c9e9598dcedaf035347f5e3c1e626d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44c9e9598dcedaf035347f5e3c1e626d_JaffaCakes118
Size

95KB
MD5

44c9e9598dcedaf035347f5e3c1e626d
SHA1

541a8ebb124ce7094b1578c7860904e71ea527e8
SHA256

78e0722be13c1dc3f2e9a8a0e81a1c5aee042360a0a81f122cf953b267c757fe
SHA512

4b7bc6212fa941216ba164517d6c8246e9444ecfea32baf69ea1095975b419859f35ef8cf42390c3fde67b232cb96a45b3d5167b563910c1ff666feb4b0f0f4d
SSDEEP

1536:X9RJzMct5ZHrNSy+BXJFox9dfOKkz+/QMVqQvoHPCheFVFTQEUCliwBIGoxgU:X9vzZdxSy+Brox9wK++bVqQvoHPxFVY1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c9e9598dcedaf035347f5e3c1e626d_JaffaCakes118

Files

44c9e9598dcedaf035347f5e3c1e626d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b9b3f368e14a3c58b2eca03cc1e38fcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
ExitThread
LeaveCriticalSection
VirtualAlloc

msvcrt

__set_app_type
swscanf
__p__fmode

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ