cf976095f3e3e69381170c63fc303c4e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf976095f3e3e69381170c63fc303c4e_JaffaCakes118
Size

18KB
MD5

cf976095f3e3e69381170c63fc303c4e
SHA1

1ab9e86b1e713a747cefa26b3f169da23a60dab2
SHA256

88cc22327511eea84d8f7d6671e5660f74b79cbcb240b0886a26a9f1b7aceecc
SHA512

15a137476d6f751178d8da45b44d9a2700c68abdafb2c4857d8d5771a0abdcef8e3447e3feb6410b39550ce1b5c89749dbed70d72b86da82a98d89d37e6d3f79
SSDEEP

384:KQN6HCEW0+L0rQKMVLYbtE2xLymmj+wOe7X84IJS2OH3kAo:zSCEN+Sl0YJE1pjWzxS2OH3P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf976095f3e3e69381170c63fc303c4e_JaffaCakes118

Files

cf976095f3e3e69381170c63fc303c4e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9de59e7a6ba87f5375457f3cb5d9dc37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

ShowWindow

Exports

Exports

VulanHookDll
VulanUnHookDll

Sections

.text
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE