4b4140911e8139c308b16b40b0ddd710_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b4140911e8139c308b16b40b0ddd710_JaffaCakes118
Size

52KB
MD5

4b4140911e8139c308b16b40b0ddd710
SHA1

f6e47eade5ca018a2f0893fd760d3e859097d233
SHA256

a8cd56eb967ce547df22144acd4ade71bb5a34e19c2f1fa3954c7dec92ed9526
SHA512

a445dec27f295022c18e7894062db58455ab7bcbd06b61ca2d11d2791e125dd328764d76f2b76841c11d159be122c9fddb79e95c77b556f945e746b6c85684e3
SSDEEP

768:H85B4uwp15CoIXzgoacNHxnnDAsbyoTlNwfdiSD1aHO2cYXEjuD:GwpxezgofDDBnl2fggUHO2ci

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b4140911e8139c308b16b40b0ddd710_JaffaCakes118

Files

4b4140911e8139c308b16b40b0ddd710_JaffaCakes118
.dll windows:4 windows x86 arch:x86

823b10cc81096616928e1d1af36758c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
VirtualAlloc
VirtualFree
ExitProcess

Exports

Exports

DoMainWork DoService
DoService
ServiceMain

Sections

.text
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pLL
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE