6f5d36f168d345fe0d65986125c998bc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f5d36f168d345fe0d65986125c998bc_JaffaCakes118
Size

41KB
MD5

6f5d36f168d345fe0d65986125c998bc
SHA1

43b81346412865c6aa394f2714bc7d8448a2fe8e
SHA256

6647e4c632bc26ebf069cdd16b98a7ef246312dc42820b45c726f7079e7f208b
SHA512

958f5f41a930e5a7538b87d9c21c0a12d4dd36c770b592200100cd10a39f4b7f6feb9f46ea90b3ec1db504e750d9f65878fbfa30e16ed710522603d78f5f74ee
SSDEEP

768:KtP1RCKbisYvC5TKw4aDgXlfkzNBpIm4ZflN8e:+DnDj5WalzLS1lue

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f5d36f168d345fe0d65986125c998bc_JaffaCakes118

Files

6f5d36f168d345fe0d65986125c998bc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

148bf55ceb3e5471ef5f9ffc2bb75e2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect

Exports

Exports

DoMainWork
DoService
ServiceMain

Sections

.XComp0
Size: 32KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XComp
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE