739641879475d739ed6767d69e13f297_JaffaCakes118 | Triage

Sharing

General

Target

739641879475d739ed6767d69e13f297_JaffaCakes118
Size

46KB
MD5

739641879475d739ed6767d69e13f297
SHA1

bab6dbfa2639c7be69e39971715696cf82c3dfe6
SHA256

bc613a502bab7daa6d5253a34dd47751ec6ed34862d7116b411fd9d646e29a30
SHA512

694b005c691b2f84ac4f273cc1901a9a97207c1aa3ef2f9d48cdb3a28c404d73fca09e8e877a438952d5ed844c69afe15a7dc602d471bd712ba9e645f69fc304
SSDEEP

768:fqpOXNcyxMY6uS2kZNKLdaWGM0Ga8EFwpZvwopZF64BOzJSbUo0Ug3aRnvoXSQ+c:fVNcyCY6C+wgAa83plwVSOzV41voXClK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
739641879475d739ed6767d69e13f297_JaffaCakes118

Files

739641879475d739ed6767d69e13f297_JaffaCakes118
.dll windows:3 windows x86 arch:x86

cbe53dd85d68fdf0298dd0f4474a43f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessId
LoadLibraryExA
CloseHandle
CreateEventA
ExitProcess
GetCurrentProcessId

Exports

Exports

CreateProcessNotify
DllGetVersion

Sections

.text
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdata
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ