47e6a190365f231aa175bdd5f9951e81_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47e6a190365f231aa175bdd5f9951e81_JaffaCakes118
Size

331KB
MD5

47e6a190365f231aa175bdd5f9951e81
SHA1

ea50f78e96bb2b4e12f632c4a4fa62b301eb91b6
SHA256

e60450cd0b2e8579be431b76aebeeac9140a49b01dad12dc4b4997c2e7748f30
SHA512

f0c03bb6151d75929ec800adf4402ee442adc3283c24f33f3a887bafac70205508ff2344a9d2647a2558741419b5c2074506563446b18b452c0dd178c58d0ac7
SSDEEP

3072:R0DJ4yl3ssyBPwzfYcN6kKOXmjN3dv5OP3JTd9NWeZ4EeVS/+tyUnx7JZsIHJ:ROJ4yl5C40cN6kKBBmBWeZ4EF/xUn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47e6a190365f231aa175bdd5f9951e81_JaffaCakes118

Files

47e6a190365f231aa175bdd5f9951e81_JaffaCakes118
.dll windows:4 windows x86 arch:x86

acd9fa3a74cc4c1d92998e6ad62eeb8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
LoadLibraryA

user32

wsprintfA
MessageBoxA

Exports

Exports

ServiceMain
ServiceMainManual

Sections

.data
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rl
Size: 308B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ