c1fecc45c5d1b9c183e4d448791f0833_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1fecc45c5d1b9c183e4d448791f0833_JaffaCakes118
Size

62KB
MD5

c1fecc45c5d1b9c183e4d448791f0833
SHA1

d40a9252982ad37aaec50c1d914c5501899696fc
SHA256

32ed270be0194bd84900dd521e13321a9ce1cade5a582b774cde1533f0cdd8b2
SHA512

75b24e60e4159ce93dad6d76f8b8c5829cf139b86fbf5411dd9fee1a2c83b9f765f996e403ed516ef856f87b6657c7d29fa29dc583441aa158c73b8d85f1c6f5
SSDEEP

1536:0vNeHH07Ee2foiCJ2wNtKV6hvanxKyc5:0vAHkgoiCJ2OKVYCng

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1fecc45c5d1b9c183e4d448791f0833_JaffaCakes118

Files

c1fecc45c5d1b9c183e4d448791f0833_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5956d710a9aca8a8bb88faec16ed2f9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
VirtualProtect

Exports

Exports

CaptureOne
CaptureOne_really
DecodeImage
DecryptImage
IsCapturing
StartCaptureMore
StartCaptureMore_really
StopCaptureMore

Sections

Size: 55KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE