9578d24970c37d0325c8444f43fb1524_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9578d24970c37d0325c8444f43fb1524_JaffaCakes118
Size

53KB
MD5

9578d24970c37d0325c8444f43fb1524
SHA1

f40783702d6ec0b3751da2b40bb417a0fec58745
SHA256

0a5108c254493f2979bb17c13e45ab9f1baf59409b287c3a0e90f3ace3989ecd
SHA512

da748c76e2573c165a3a7af0e3a65023bb50b406bb3c40c01449534c7bce402c581e130ec9f9c60335192f6f880069f8ffae932a2ccacec07cb65bf8b4dd333b
SSDEEP

768:byAqNmQB8Hu7jIswtrqFRDmaDItos29z2npavfmD2Ri7gkbhpJGB8349gNo:OAqNmQB8Hu7nSrez2CTRctUg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9578d24970c37d0325c8444f43fb1524_JaffaCakes118

Files

9578d24970c37d0325c8444f43fb1524_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FilesList
fetchconv
imlistz
keyssend
pred
startlogger
startshell
startwbs
stklg
stklg2
stopwbs

Sections

CODE
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 255B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ