49b0417e7f589b886441917764e5b5b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49b0417e7f589b886441917764e5b5b2_JaffaCakes118
Size

94KB
MD5

49b0417e7f589b886441917764e5b5b2
SHA1

6f149e3ad931d722f792cd5b3ba6f357d193b8d7
SHA256

8e28db04ee385a3ffdad0250b09b79e138e9c4f20a8690078df7db0d96f755af
SHA512

cd7ddd4eddb28e1c7f129914dfe9ada7ebef00228d36061f6770d74a766d94f9ffc0203fd669ccaa972e6d75baabeb07a27635bc814231234669a6afff43b9c1
SSDEEP

1536:b894+5shPGrKFmvUgVY/Xsn6v858iJBuyNiQd+Q1prmdvx0oppvtOej+xzEFBInt:bk4+prK3gVYP26v85TvBX+Q7rmFx1Hly

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49b0417e7f589b886441917764e5b5b2_JaffaCakes118

Files

49b0417e7f589b886441917764e5b5b2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

39c3002e84450d368d9676a2f9e501cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
VirtualProtect
LoadLibraryA
ExitProcess
GetLastError
OpenThread
GetThreadContext

user32

GetMessageA
SendNotifyMessageA

Exports

Exports

Knkslaub
Yihffxom

Sections

.text
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA2
Size: 3KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enill
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ