47d2656fcc5374131abbe6bb3069d3b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47d2656fcc5374131abbe6bb3069d3b2_JaffaCakes118
Size

114KB
MD5

47d2656fcc5374131abbe6bb3069d3b2
SHA1

499138d6913f7dcf4d38ee1593c6f02d72a67e60
SHA256

f31669598a4b080f4739ff83416a96ff0c987484b406020f5037c7403910265e
SHA512

2f9189899ea878597b271e9de7ff090ed6c9c2517cc945e07b2951f9643ae01f147488abc8e9b3ec8d94b29331ef1bef2a6740860ab01dd56094517d21bb1990
SSDEEP

1536:OsyqFgm00maVYtHX3XisTQ8Sib0ttUvNKXnicWXaBk+VZxZ7mqY2tdWJ0102+b4B:OJm3mUYSMiTniMS+Ch01Ab4Bs8gPVu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47d2656fcc5374131abbe6bb3069d3b2_JaffaCakes118

Files

47d2656fcc5374131abbe6bb3069d3b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?ENccg1@@YAHKKDD@Z
?RueenFather@@YAHKKDD@Z
?dd@@YAHKKDD@Z
?haha@@YAHKKDD@Z
KillOld
SetHook
runform
testform

Sections

Size: 105KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.petite
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE