cf0838ca94e9149acc64b88dd62b2b57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf0838ca94e9149acc64b88dd62b2b57_JaffaCakes118
Size

558KB
MD5

cf0838ca94e9149acc64b88dd62b2b57
SHA1

5ebe07b970a3bff1cb96f9ea8d7dc37886663478
SHA256

1eb415028be51bd20928cef837bf25a04a68d8b3b02b41a0c5b8de8c270aae9c
SHA512

dee569cab6daa62875de1bfff8f1103b13156de5d38ee2e0fd3940c9ece09075b4f8165be13eed097cd5737f21f5069da569d94ba3c72324affd7813cf37fcf2
SSDEEP

6144:X/ZMtXiKdb7xA6QRv8EHudwkQXahZwpNb:X/Zidb7OZ1bhahZwpB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf0838ca94e9149acc64b88dd62b2b57_JaffaCakes118

Files

cf0838ca94e9149acc64b88dd62b2b57_JaffaCakes118
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllInit
GetVar
_hi_DllInit
_hi_GetVar
_hi_Icon
_hi_PointsInfo
_hi_doWork
doWork

Sections

CODE
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ