618e2c6d4104963d8bacd313bbd3acd7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

618e2c6d4104963d8bacd313bbd3acd7_JaffaCakes118
Size

148KB
MD5

618e2c6d4104963d8bacd313bbd3acd7
SHA1

75a0338d0dee4824008249882aed0b3e36108b8f
SHA256

6fca5556d12f0855f649b7778390996355e5fc443d8eb6576cafe1d6afeac5df
SHA512

c5cae47334c14a215841a5e49d23cae74feda17bd9f34ff2f21e6a3752139246aff10ebea39edffa6b5ba818273678ef7d441aa75f313b3240586f76f802c97e
SSDEEP

3072:Sx73qAAdzs60yn+DiSjJLBE8oqvsDW4VNT+uNwnNG:wqAAdzCy+OSlToxDRpGG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
618e2c6d4104963d8bacd313bbd3acd7_JaffaCakes118

Files

618e2c6d4104963d8bacd313bbd3acd7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

47b95eaa8a92898962a601a6fb44ee48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

JGS6EncodeBlock
JGS6EncodeBlockQuery
JGS6EncodeCreate
JGS6EncodeDestroy

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE