b52d62fbc9da225ee1652921c7b05d43_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b52d62fbc9da225ee1652921c7b05d43_JaffaCakes118
Size

100KB
MD5

b52d62fbc9da225ee1652921c7b05d43
SHA1

8794c6d4ce7d465a85f74d3eefc8ff955e5481eb
SHA256

e9b16164932f8d216c38e74a306b018a6c412387e6461d27f49205f7944a9f51
SHA512

e0e52fd12d3d81b2d9c479a3f1e97b16db74adbaf29af4f75e9a031c815f232f34d5fba5eb4ed3cb74ced13d754296936195820b6b31f57dd6156e0f19086fce
SSDEEP

1536:z6lIdSDpfw5phZ/R8dSRlm83u24k5BqKhNaTcwRIvn0pFx5maPGR:1dSdfw/hZwS1u24K1hNZeg7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b52d62fbc9da225ee1652921c7b05d43_JaffaCakes118

Files

b52d62fbc9da225ee1652921c7b05d43_JaffaCakes118
.dll windows:4 windows x86 arch:x86

47b95eaa8a92898962a601a6fb44ee48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

RtvDBlockQuery
RtvDDestroy
RtvDecodeBlock
RtvDecodeCreate

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE