48079a2a80df95d31a06f30029f40b92_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48079a2a80df95d31a06f30029f40b92_JaffaCakes118
Size

18KB
MD5

48079a2a80df95d31a06f30029f40b92
SHA1

7dc93e539e97f67c61d81f380fa38b0c9b16a5a8
SHA256

319f979714caf87c3aef81d4046d9bc7f9bff20802ea1a4334f1063fc11d4e19
SHA512

4f34c4fcf1bf3be9cbb5a73bdde456893764787fe109bb64519c379ad81e11df519c89a0053888d356c1f5a973046537f3640996f0ae650c9b2693acc2243d0d
SSDEEP

384:Gau0NKw9NYQgQnZkiMnv1u1Gpg1jXIz1tMYYOtZg:zu0VrZ0Q41t6P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48079a2a80df95d31a06f30029f40b92_JaffaCakes118

Files

48079a2a80df95d31a06f30029f40b92_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

EnHookWindow
Skif4freW4ll
UnHookWindow

Sections

CODE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ