c8bfac42b7fdbe80872943dee5cc4f6f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8bfac42b7fdbe80872943dee5cc4f6f_JaffaCakes118
Size

43KB
MD5

c8bfac42b7fdbe80872943dee5cc4f6f
SHA1

52d1ee6ea1eabf31959c80e04a0f25a8ed1711fc
SHA256

04ca0a757cafa9f738e1a4c640bbce4fbe6945a37a1f57be254634dfeefc5f2a
SHA512

36717c00b96daf3e7f32607d963e373ae712eca56097dcca381b884a88d1a3721ce8bb37778a4f3e7979c05aa24c8925d8bf04d73e2fbda72c835d2970dd1970
SSDEEP

768:fO+RE2giTN2L3/Cp43JYSFjGra3TN3XQx:fOU/Tq3w4pbTN3gx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8bfac42b7fdbe80872943dee5cc4f6f_JaffaCakes118

Files

c8bfac42b7fdbe80872943dee5cc4f6f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

Activate
DllCanUnloadNow
DllGetClassObject
HookProc
Logoff
Logon
Start

Sections

.text
Size: 14KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE