d28b4b6e84453bde3c9d7af25f0b5707_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d28b4b6e84453bde3c9d7af25f0b5707_JaffaCakes118
Size

227KB
MD5

d28b4b6e84453bde3c9d7af25f0b5707
SHA1

f01381ab174950416ab45dc3f973d8884398a58c
SHA256

23bd91e0d885164cb6c1163f408e3ec5ebc1cd8dcc83d7bbf0aaa4ff412c9f4b
SHA512

04a43e406084e4c20af12dd9b4444dd285d79ef4a28ce09488f54a600b09d34bbe3ff49ab897a8a25ce1763e931a683c45e28fd3f59bd29fca1dc1d1fdd77be9
SSDEEP

3072:iLswst2Yu0aASB9aI8pBdaS8h1hLLGokQ:iLsFt2p0Mbj8pBdULLGW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d28b4b6e84453bde3c9d7af25f0b5707_JaffaCakes118

Files

d28b4b6e84453bde3c9d7af25f0b5707_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?DD_PA@@YAHKKDDPAH@Z
?Me2@@YAHKKDDPAH@Z
?RunMe@@YAHKKDDPAH@Z
?You1@@YAHKKDDPAH@Z
?doa@@YAHKKDDPAH@Z
?ha@@YAHKKDDPAH@Z
?me@@YAHKKDDPAH@Z
?who@@YAHKKDDPAH@Z
KillOld
SetHook
runform
testform

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ