6f648d08f38b75c246ab6d99eb3ab05b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f648d08f38b75c246ab6d99eb3ab05b_JaffaCakes118
Size

1.7MB
MD5

6f648d08f38b75c246ab6d99eb3ab05b
SHA1

decbb532534477ed728c3714ce6bba991e6071af
SHA256

1581a396c81a2df73d5e7b17b6307fcb4eb03429afa4e4315b2d1040b88de263
SHA512

ef2abe73dec29088168ab2559970c304df863fa0f3df1909197daa8b9e48a1ebd9945f18db7e4add49cc954670951b3d108aa9f95698b5121ab7e9fe3a7782f3
SSDEEP

49152:ZIBMWLmkDK4UfqbkhkcZSie4v6JaMPqlVE:ZIGmBDKhSkziLSM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f648d08f38b75c246ab6d99eb3ab05b_JaffaCakes118

Files

6f648d08f38b75c246ab6d99eb3ab05b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

InstallHook
UnHook
setbabycode

Sections

Size: 314KB - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WinLicen
Size: 1.3MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE